🌱 Bump the all-github-actions group across 1 directory with 13 updates

[dependabot]

Bumps the all-github-actions group with 13 updates in the / directory:

Package	From	To
sqren/backport-github-action	9.2.2	11.0.0
actions/checkout	3	6
actions/setup-go	5.3.0	6.3.0
actions/cache	4.2.0	5.0.4
EndBug/add-and-commit	9.1.4	10.0.0
actions/github-script	7.0.1	8.0.0
golangci/golangci-lint-action	6.3.2	9.2.0
gaurav-nelson/github-action-markdown-link-check	1.0.16	1.0.17
tj-actions/changed-files	dcc7a0cba800f454d79fff4b993e8c3555bcc0a8	3d37a7ff08a7ce64b4cab9669eac39b0709cdac9
softprops/action-gh-release	2.2.1	2.6.1
docker/setup-buildx-action	1	4
docker/login-action	1	4
mukunku/tag-exists-action	1.2.0	1.7.0

Updates sqren/backport-github-action from 9.2.2 to 11.0.0

Release notes

Sourced from sqren/backport-github-action's releases.

v11.0.0

Update backport to 11.0.0

v10.4.0

Update backport to 10.4.0

v10.2.0

What's Changed

• Bump backport to 10.2.0 by @​sorenlouv in sorenlouv/backport-github-action#174
• Bump Node 24 by @​sorenlouv in sorenlouv/backport-github-action#175

Bump to Backport 9.5.1

No release notes provided.

Bump to Node 20

Require Node 20

v9.3.0

Bump to backport 9.3.0

v9.3.0-a

No release notes provided.

Commits

• 9460b71 chore: release v11.0.0
• c0d1fb5 feat: upgrade to backport@11 with smoke test suite (#177)
• e086778 Convert to ESM, replace Jest with Vitest, align dependencies with backport
• 6840073 Replace RELEASE.md with cursor rule and skill
• 566ba6c Add feature-specific validation docs to RELEASE.md
• 576c0c8 Skip backport gracefully when PR is not merged
• 7c4cc75 Add RELEASE.md documenting the release and validation workflow
• d196c79 Update backport to 10.4.0
• 516854e Bump Node 24 (#175)
• 099cc6f Bump backport to 10.2.0 (#174)
• Additional commits viewable in compare view

Updates actions/checkout from 3 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043

... (truncated)

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• 08c6903 Prepare v5.0.0 release (#2238)
• Additional commits viewable in compare view

Updates actions/setup-go from 5.3.0 to 6.3.0

Release notes

Sourced from actions/setup-go's releases.

v6.3.0

What's Changed

• Update default Go module caching to use go.mod by @​priyagupta108 in actions/setup-go#705
• Fix golang download url to go.dev by @​178inaba in actions/setup-go#469

Full Changelog: actions/setup-go@v6...v6.3.0

v6.2.0

What's Changed

Enhancements

• Example for restore-only cache in documentation by @​aparnajyothi-y in actions/setup-go#696
• Update Node.js version in action.yml by @​ccoVeille in actions/setup-go#691
• Documentation update of actions/checkout by @​deining in actions/setup-go#683

Dependency updates

• Upgrade js-yaml from 3.14.1 to 3.14.2 by @​dependabot in actions/setup-go#682
• Upgrade @​actions/cache to v5 by @​salmanmkc in actions/setup-go#695
• Upgrade actions/checkout from 5 to 6 by @​dependabot in actions/setup-go#686
• Upgrade qs from 6.14.0 to 6.14.1 by @​dependabot in actions/setup-go#703

New Contributors

• @​ccoVeille made their first contribution in actions/setup-go#691
• @​deining made their first contribution in actions/setup-go#683

Full Changelog: actions/setup-go@v6...v6.2.0

v6.1.0

What's Changed

Enhancements

• Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @​nicholasngai in actions/setup-go#665
• Add support for .tool-versions file and update workflow by @​priya-kinthali in actions/setup-go#673
• Add comprehensive breaking changes documentation for v6 by @​mahabaleshwars in actions/setup-go#674

Dependency updates

• Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by @​dependabot in actions/setup-go#617
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot in actions/setup-go#641
• Upgrade semver and @​types/semver by @​dependabot in actions/setup-go#652

New Contributors

• @​nicholasngai made their first contribution in actions/setup-go#665
• @​priya-kinthali made their first contribution in actions/setup-go#673
• @​mahabaleshwars made their first contribution in actions/setup-go#674

Full Changelog: actions/setup-go@v6...v6.1.0

v6.0.0

What's Changed

... (truncated)

Commits

• 4b73464 Fix golang download url to go.dev (#469)
• a5f9b05 Update default Go module caching to use go.mod (#705)
• 7a3fe6c Bump qs from 6.14.0 to 6.14.1 (#703)
• b9adafd Bump actions/checkout from 5 to 6 (#686)
• d73f6bc README.md: correct to actions/checkout@v6 (#683)
• ae252ee Bump @​actions/cache to v5 (#695)
• bf7446a Bump js-yaml from 3.14.1 to 3.14.2 (#682)
• 02aadfe Fix Node.js version in action.yml (#691)
• 4aaadf4 Example for restore-only cache in documentation (#696)
• 4dc6199 Bump semver and @​types/semver (#652)
• Additional commits viewable in compare view

Updates actions/cache from 4.2.0 to 5.0.4

Release notes

Sourced from actions/cache's releases.

v5.0.4

What's Changed

• Add release instructions and update maintainer docs by @​Link- in actions/cache#1696
• Potential fix for code scanning alert no. 52: Workflow does not contain permissions by @​Link- in actions/cache#1697
• Fix workflow permissions and cleanup workflow names / formatting by @​Link- in actions/cache#1699
• docs: Update examples to use the latest version by @​XZTDean in actions/cache#1690
• Fix proxy integration tests by @​Link- in actions/cache#1701
• Fix cache key in examples.md for bun.lock by @​RyPeck in actions/cache#1722
• Update dependencies & patch security vulnerabilities by @​Link- in actions/cache#1738

New Contributors

• @​XZTDean made their first contribution in actions/cache#1690
• @​RyPeck made their first contribution in actions/cache#1722

Full Changelog: actions/cache@v5...v5.0.4

v5.0.3

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v.5.0.2

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

v5.0.1

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

---

v5.0.1

What's Changed

• fix: update @​actions/cache for Node.js 24 punycode deprecation by @​salmanmkc in actions/cache#1685
• prepare release v5.0.1 by @​salmanmkc in actions/cache#1686

v5.0.0

What's Changed

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

• Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
• Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
• Bump fast-xml-parser to v5.5.6

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

• Bump @actions/cache to v5.0.3 #1692

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

• 6682284 Merge pull request #1738 from actions/prepare-v5.0.4
• e340396 Update RELEASES
• 8a67110 Add licenses
• 1865903 Update dependencies & patch security vulnerabilities
• 5656298 Merge pull request #1722 from RyPeck/patch-1
• 4e380d1 Fix cache key in examples.md for bun.lock
• b7e8d49 Merge pull request #1701 from actions/Link-/fix-proxy-integration-tests
• 984a21b Add traffic sanity check step
• acf2f1f Fix resolution
• 95a07c5 Add wait for proxy
• Additional commits viewable in compare view

Updates EndBug/add-and-commit from 9.1.4 to 10.0.0

Release notes

Sourced from EndBug/add-and-commit's releases.

v10.0.0

What's Changed

• chore(deps-dev): bump husky from 8.0.3 to 9.0.6 by @​dependabot[bot] in EndBug/add-and-commit#617
• chore(deps-dev): bump @​typescript-eslint/parser from 6.19.0 to 6.19.1 by @​dependabot[bot] in EndBug/add-and-commit#618
• chore(deps-dev): bump prettier from 3.2.4 to 3.2.5 by @​dependabot[bot] in EndBug/add-and-commit#619
• chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 6.19.1 to 6.21.0 by @​dependabot[bot] in EndBug/add-and-commit#623
• chore(deps-dev): bump @​typescript-eslint/parser from 6.19.1 to 6.21.0 by @​dependabot[bot] in EndBug/add-and-commit#624
• chore(deps-dev): bump husky from 9.0.6 to 9.0.11 by @​dependabot[bot] in EndBug/add-and-commit#626
• chore: switch to GTS for linting by @​EndBug in EndBug/add-and-commit#636
• chore(deps-dev): bump gts from 5.2.0 to 5.3.0 by @​dependabot[bot] in EndBug/add-and-commit#637
• chore(deps-dev): bump typescript from 5.2.2 to 5.4.5 by @​dependabot[bot] in EndBug/add-and-commit#639
• chore(deps-dev): bump gts from 5.3.0 to 5.3.1 by @​dependabot[bot] in EndBug/add-and-commit#642
• chore(deps-dev): bump braces from 3.0.2 to 3.0.3 by @​dependabot[bot] in EndBug/add-and-commit#641
• chore(deps-dev): bump typescript from 5.4.5 to 5.5.2 by @​dependabot[bot] in EndBug/add-and-commit#644
• Adds examples of input arrays. by @​tommie in EndBug/add-and-commit#645
• chore(deps-dev): bump typescript from 5.5.2 to 5.5.3 by @​dependabot[bot] in EndBug/add-and-commit#649
• docs: add tommie as a contributor for doc by @​allcontributors[bot] in EndBug/add-and-commit#647
• chore(deps-dev): bump husky from 9.0.11 to 9.1.1 by @​dependabot[bot] in EndBug/add-and-commit#650
• chore(deps-dev): bump typescript from 5.5.3 to 5.5.4 by @​dependabot[bot] in EndBug/add-and-commit#653
• chore(deps-dev): bump husky from 9.1.1 to 9.1.4 by @​dependabot[bot] in EndBug/add-and-commit#655
• chore(deps-dev): bump husky from 9.1.4 to 9.1.5 by @​dependabot[bot] in EndBug/add-and-commit#659
• chore(deps-dev): bump husky from 9.1.5 to 9.1.6 by @​dependabot[bot] in EndBug/add-and-commit#660
• chore(deps-dev): bump typescript from 5.5.4 to 5.6.2 by @​dependabot[bot] in EndBug/add-and-commit#661
• chore(deps-dev): bump @​vercel/ncc from 0.38.1 to 0.38.2 by @​dependabot[bot] in EndBug/add-and-commit#662
• chore(deps): bump @​actions/core from 1.10.1 to 1.11.1 by @​dependabot[bot] in EndBug/add-and-commit#663
• chore(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @​dependabot[bot] in EndBug/add-and-commit#664
• chore(deps-dev): bump gts from 5.3.1 to 6.0.0 by @​dependabot[bot] in EndBug/add-and-commit#665
• chore(deps-dev): bump gts from 6.0.0 to 6.0.2 by @​dependabot[bot] in EndBug/add-and-commit#666
• chore(deps-dev): bump @​vercel/ncc from 0.38.2 to 0.38.3 by @​dependabot[bot] in EndBug/add-and-commit#669
• chore(deps): bump cross-spawn by @​dependabot[bot] in EndBug/add-and-commit#670
• docs: add icemac as a contributor for doc by @​allcontributors[bot] in EndBug/add-and-commit#674
• chore(deps-dev): bump husky from 9.1.6 to 9.1.7 by @​dependabot[bot] in EndBug/add-and-commit#672
• chore(deps-dev): bump typescript from 5.6.3 to 5.7.2 by @​dependabot[bot] in EndBug/add-and-commit#671
• chore(deps-dev): bump typescript from 5.7.2 to 5.7.3 by @​dependabot[bot] in EndBug/add-and-commit#676
• chore(deps-dev): bump eslint-config-prettier from 9.1.0 to 10.0.1 by @​dependabot[bot] in EndBug/add-and-commit#677
• chore(deps-dev): bump eslint-config-prettier from 10.0.1 to 10.0.2 by @​dependabot[bot] in EndBug/add-and-commit#678
• chore(deps-dev): bump typescript from 5.7.3 to 5.8.2 by @​dependabot[bot] in EndBug/add-and-commit#679
• chore(deps-dev): bump eslint-config-prettier from 10.0.2 to 10.1.1 by @​dependabot[bot] in EndBug/add-and-commit#680
• chore(deps-dev): bump typescript from 5.8.2 to 5.8.3 by @​dependabot[bot] in EndBug/add-and-commit#681
• chore(deps-dev): bump eslint-config-prettier from 10.1.1 to 10.1.2 by @​dependabot[bot] in EndBug/add-and-commit#682
• chore(deps-dev): bump eslint-config-prettier from 10.1.2 to 10.1.5 by @​dependabot[bot] in EndBug/add-and-commit#683
• chore(deps-dev): bump eslint-config-prettier from 10.1.5 to 10.1.8 by @​dependabot[bot] in EndBug/add-and-commit#686
• ci(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in EndBug/add-and-commit#688
• ci(deps): bump actions/setup-node from 4 to 5 by @​dependabot[bot] in EndBug/add-and-commit#690
• chore(deps-dev): bump @​vercel/ncc from 0.38.3 to 0.38.4 by @​dependabot[bot] in EndBug/add-and-commit#691
• chore(deps-dev): bump typescript from 5.8.3 to 5.9.3 by @​dependabot[bot] in EndBug/add-and-commit#694
• ci(deps): bump actions/setup-node from 5 to 6 by @​dependabot[bot] in EndBug/add-and-commit#697
• ci(deps): bump github/codeql-action from 3 to 4 by @​dependabot[bot] in EndBug/add-and-commit#696
• Removes the redundant JSON array parsing. by @​tommie in EndBug/add-and-commit#652
• docs: add tommie as a contributor for code, and test by @​allcontributors[bot] in EndBug/add-and-commit#699

... (truncated)

Commits

• 290ea2c 10.0.0
• 5190a0a docs: prepare for v10
• 9ac3878 chore: npm audit fix
• 7b015bd docs: add CodeReaper as a contributor for maintenance (#723)
• 300836d chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 (#722)
• f6e20ed feat!: use node version 24 (#720)
• 6280653 chore(deps-dev): bump jest from 30.2.0 to 30.3.0 (#721)
• 1539a6a chore(deps): bump @​actions/core from 2.0.2 to 3.0.0 (#716)
• af611dd chore(deps): bump minimatch (#718)
• 2df77c1 chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (#712)
• Additional commits viewable in compare view

Updates actions/github-script from 7.0.1 to 8.0.0

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

• Update Node.js version support to 24.x by @​salmanmkc in actions/github-script#637
• README for updating actions/github-script from v7 to v8 by @​sneha-krip in actions/github-script#653

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

• @​salmanmkc made their first contribution in actions/github-script#637
• @​sneha-krip made their first contribution in actions/github-script#653

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

• Upgrade husky to v9 by @​benelan in actions/github-script#482
• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/github-script#485
• Upgrade IA Publish by @​Jcambass in actions/github-script#486
• Fix workflow status badges by @​joshmgross in actions/github-script#497
• Update usage of actions/upload-artifact by @​joshmgross in actions/github-script#512
• Clear up package name confusion by @​joshmgross in actions/github-script#514
• Update dependencies with npm audit fix by @​joshmgross in actions/github-script#515
• Specify that the used script is JavaScript by @​timotk in actions/github-script#478
• chore: Add Dependabot for NPM and Actions by @​nschonni in actions/github-script#472
• Define permissions in workflows and update actions by @​joshmgross in actions/github-script#531
• chore: Add Dependabot for .github/actions/install-dependencies by @​nschonni in actions/github-script#532
• chore: Remove .vscode settings by @​nschonni in actions/github-script#533
• ci: Use github/setup-licensed by @​nschonni in actions/github-script#473
• make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @​iamstarkov in actions/github-script#508
• Remove octokit README updates for v7 by @​joshmgross in actions/github-script#557
• docs: add "exec" usage examples by @​neilime in actions/github-script#546
• Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @​dependabot[bot] in actions/github-script#563
• Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @​dependabot[bot] in actions/github-script#575
• Clearly document passing inputs to the script by @​joshmgross in actions/github-script#603
• Update README.md by @​nebuk89 in actions/github-script#610

New Contributors

• @​benelan made their first contribution in actions/github-script#482
• @​Jcambass made their first contribution in actions/github-script#485
• @​timotk made their first contribution in actions/github-script#478
• @​iamstarkov made their first contribution in actions/github-script#508
• @​neilime made their first contribution in actions/github-script#546
• @​nebuk89 made their first contribution in actions/github-script#610

Full Changelog: actions/github-script@v7...v7.1.0

Commits

• ed59741 Merge pull request #653 from actions/sneha-krip/readme-for-v8
• 2dc352e Bold minimum Actions Runner version in README
• 01e118c Update README for Node 24 runtime requirements
• 8b222ac Apply suggestion from @​salmanmkc
• adc0eea README for updating actions/github-script from v7 to v8
• 20fe497 Merge pull request #637 from actions/node24
• e7b7f22 update licenses
• 2c81ba0 Update Node.js version support to 24.x
• f28e40c Merge pull request #610 from actions/nebuk89-patch-1
• 1ae9958 Update README.md
• Additional commits viewable in compare view

Updates golangci/golangci-lint-action from 6.3.2 to 9.2.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v9.2.0

What's Changed

Changes

• feat: add version-file option by @​ldez in golangci/golangci-lint-action#1320
• chore: move samples into fixtures by @​ldez in golangci/golangci-lint-action#1321

Dependencies

• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot[bot] in golangci/golangci-lint-action#1317
• build(deps): bump actions/checkout from 5 to 6 by @​dependabot[bot] in golangci/golangci-lint-action#1318
• build(deps-dev): bump the dev-dependencies group with 3 updates by @​dependabot[bot] in golangci/golangci-lint-action#1323
• build(deps): bump yaml from 2.8.1 to 2.8.2 in the dependencies group by @​dependabot[bot] in golangci/golangci-lint-action#1324

Full Changelog: golangci/golangci-lint-action@v9.1.0...v9.2.0

v9.1.0

What's Changed

Changes

• feat: automatic module directories by @​ldez in golangci/golangci-lint-action#1315

Documentation

• docs: organize options by @​ldez in golangci/golangci-lint-action#1314

Dependencies

• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot[bot] in golangci/golangci-lint-action#1307
• build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @​dependabot[bot] in golangci/golangci-lint-action#1309
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot[bot] in golangci/golangci-lint-action#1310
• build(deps): bump the dependencies group with 2 updates by @​dependabot[bot] in golangci/golangci-lint-action#1311

Full Changelog: golangci/golangci-lint-action@v9.0.0...v9.1.0

v9.0.0

In the scope of this release, we change Nodejs runtime from node20 to node24 (https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/).

What's Changed

Changes

• feat: add install-only option by @​ldez in golangci/golangci-lint-action#1305
• feat: support Module Plugin System by @​ldez in golangci/golangci-lint-action#1306

Full Changelog: golangci/golangci-lint-action@v8.0.0...v9.0.0

v8.0.0

Requires golangci-lint version >= v2.1.0

... (truncated)

Commits

• 1e7e51e build(deps): bump yaml from 2.8.1 to 2.8.2 in the dependencies group (#1324)
• 5256ff0 build(deps-dev): bump the dev-dependencies group with 3 updates (#1323)
• 13fed6f chore: update workflows
• 7afe8ff chore: update workflows
• 5a92899 chore: move samples into fixtures (#1321)
• aa6fad0 feat: add version-file option (#1320)
• a6071aa build(deps): bump actions/checkout from 5 to 6 (#1318)
• 6e36c84 build(deps-dev): bump the dev-dependencies group with 2 updates (#1317)
• e7fa5ac feat: automatic module directories (#1315)
• f3ae99f docs: organize options (#1314)
• Additional commits viewable in compare view

Updates gaurav-nelson/github-action-markdown-link-check from 1.0.16 to 1.0.17

Release notes

Sourced from gaurav-nelson/github-action-markdown-link-check's releases.

1.0.17

What's Changed

• Bump markdown-link-check to 3.13.7 by @​Okabe-Junya in gaurav-nelson/github-action-markdown-link-check#205

New Contributors

• @​Okabe-Junya made their first contribution in gaurav-nelson/github-action-markdown-link-check#205

Full Changelog: gaurav-nelson/github-action-markdown-link-check@1.0.16...1.0.17

Commits

• 3c3b66f Merge pull request #205 from Okabe-Junya/bump/markdown-link-check
• dd5abb6 bump markdown-link-check
• 9574206 Add bug report and feature request templates with Linkspector update
• See full diff in compare view

Updates tj-actions/changed-files from dcc7a0cba800f454d79fff4b993e8c3555bcc0a8 to 3d37a7ff08a7ce64b4cab9669eac39b0709cdac9

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

47.0.5 - (2026-03-03)

🔄 Update

• Updated README.md (#2805)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (35dace0) - (github-actions[bot])

• Updated README.md (#2803)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (

[dependabot]

Labels

The following labels could not be found: area/ci. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[spectro-prow]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a spectrocloud member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[spectro-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
To complete the pull request process, please assign after the PR has been reviewed.
You can assign the PR to them by writing /assign in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[bulwark-spectrocloud]

⚠️ GoVulnCheck scan found vulnerabilities:

1. GO-2026-4394
   • Module: go.opentelemetry.io/otel/sdk
   • Found in: v1.28.0
   • Fixed in: v1.40.0
   • Example Traces:
     1. internal/topology/variables/clusterclass_variable_validation.go:28:2: variables.init calls validation.init, which eventually calls tracing.init
     2. cmd/clusterctl/client/repository/repository_gitlab.go:157:34: repository.GetFile calls http.Do, which eventually calls noop.Start
     3. cmd/clusterctl/client/repository/repository_gitlab.go:157:34: repository.GetFile calls http.Do, which eventually calls otelhttp.RoundTrip
     4. util/record/recorder.go:42:13: record.InitFromRecorder calls sync.Do, which eventually calls sync.doSlow
     5. cmd/clusterctl/client/repository/repository_gitlab.go:157:34: repository.GetFile calls http.Do, which eventually calls otelhttp.RoundTrip
2. GO-2025-3754
   • Module: github.com/cloudflare/circl
   • Found in: v1.3.7
   • Fixed in: v1.6.1
   • Example Traces:
     1. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls ed25519.init
     2. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls ecc.init
     3. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls ecc.init
     4. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls ecc.init
     5. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls ed448.init
3. GO-2026-4550
   • Module: github.com/cloudflare/circl
   • Found in: v1.3.7
   • Fixed in: v1.6.3
   • Example Traces:
     1. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls ed25519.init
     2. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls ecc.init
     3. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls ecc.init
     4. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls ed448.init
     5. cmd/clusterctl/internal/test/fake_github.go:24:2: test.init calls github.init, which eventually calls x25519.init

Please review these findings and fix the issues before merging.

[bulwark-spectrocloud]

⚠️ GoSec scan found code issues:

1. G115: integer overflow conversion int64 -> int32, Severity: HIGH
   • 1. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/cluster/cluster_controller_status.go:107:63
   • 2. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/cluster/cluster_controller_status.go:104:70
   • 3. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/contract/types.go:129:22
   • 4. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/test/envtest/environment.go:93:47
   • 5. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machineset/machineset_controller_status.go:189:26
   • 6. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machineset/machineset_controller_status.go:123:26
   • 7. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machineset/machineset_controller.go:1211:28
   • 8. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machinehealthcheck/machinehealthcheck_controller.go:678:26
   • 9. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machinehealthcheck/machinehealthcheck_controller.go:666:27
   • 10. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machinehealthcheck/machinehealthcheck_controller.go:241:33
   • 11. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machinehealthcheck/machinehealthcheck_controller.go:226:35
   • 12. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machinedeployment/mdutil/util.go:726:14
   • 13. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machinedeployment/mdutil/util.go:655:58
   • 14. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machinedeployment/machinedeployment_sync.go:622:15
   • 15. File: /home/runner/_work/bulwark/bulwark/target-repo/internal/controllers/machinedeployment/machinedeployment_rollout_ondelete.go:122:29
   • ... (truncated), run gosec locally to capture all failure for the rule G115
2. G404: Use of weak random number generator (math/rand or math/rand/v2 instead of crypto/rand), Severity: HIGH
   • 1. File: /home/runner/_work/bulwark/bulwark/target-repo/util/util.go:61:8
   • 2. File: /home/runner/_work/bulwark/bulwark/target-repo/util/conversion/conversion.go:160:18
3. G402: TLS InsecureSkipVerify set to true., Severity: HIGH
   • 1. File: /home/runner/_work/bulwark/bulwark/target-repo/controlplane/kubeadm/internal/workload_cluster.go:469:62

Please review these findings and fix the issues before merging.