chore(deps): Bump the development-dependencies group with 4 updates by dependabot[bot] · Pull Request #148 · go-openapi/ci-workflows (original) (raw)

Bumps the development-dependencies group with 4 updates: dependabot/fetch-metadata, codecov/codecov-action, github/contributors and taiki-e/install-action.

Updates dependabot/fetch-metadata from 2.5.0 to 3.0.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.0.0

What's Changed

• feat: Parse versions from metadata links by @​ppkarwasz in dependabot/fetch-metadata#632
• Upgrade actions core and actions github packages by @​truggeri in dependabot/fetch-metadata#649
• docs: Add notes for using alert-lookup with App Token by @​sue445 in dependabot/fetch-metadata#656
• feat!: update Node.js version to v24 by @​sturman in dependabot/fetch-metadata#671
• Switch build tooling from ncc to esbuild by @​truggeri in dependabot/fetch-metadata#676
• Add --legal-comments=none to esbuild build commands by @​jeffwidman in dependabot/fetch-metadata#679
• Bump tsconfig target from es2022 to es2024 by @​jeffwidman in dependabot/fetch-metadata#680
• Remove vestigial outDir from tsconfig.json by @​jeffwidman in dependabot/fetch-metadata#681
• Switch tsconfig module resolution to bundler by @​jeffwidman in dependabot/fetch-metadata#682
• Remove skipLibCheck from tsconfig.json by @​jeffwidman in dependabot/fetch-metadata#683
• Add typecheck step to CI by @​jeffwidman in dependabot/fetch-metadata#685
• Enable noImplicitAny in tsconfig.json by @​jeffwidman in dependabot/fetch-metadata#684
• Upgrade @​actions/core to ^3.0.0 by @​truggeri in dependabot/fetch-metadata#677
• Upgrade @​actions/github to ^9.0.0 and @​octokit/request-error to ^7.1.0 by @​truggeri in dependabot/fetch-metadata#678
• Bump qs from 6.14.0 to 6.14.1 by @​dependabot[bot] in dependabot/fetch-metadata#651
• Bump hono from 4.11.1 to 4.11.4 by @​dependabot[bot] in dependabot/fetch-metadata#652
• Bump hono from 4.11.4 to 4.11.7 by @​dependabot[bot] in dependabot/fetch-metadata#653
• Bump hono from 4.11.7 to 4.12.0 by @​dependabot[bot] in dependabot/fetch-metadata#657
• Bump qs from 6.14.1 to 6.14.2 by @​dependabot[bot] in dependabot/fetch-metadata#655
• Bump @​modelcontextprotocol/sdk from 1.25.1 to 1.26.0 by @​dependabot[bot] in dependabot/fetch-metadata#654
• Bump @​hono/node-server from 1.19.9 to 1.19.10 by @​dependabot[bot] in dependabot/fetch-metadata#665
• Bump hono from 4.12.2 to 4.12.5 by @​dependabot[bot] in dependabot/fetch-metadata#664
• Bump minimatch from 3.1.2 to 3.1.5 by @​dependabot[bot] in dependabot/fetch-metadata#667
• Bump hono from 4.12.5 to 4.12.7 by @​dependabot[bot] in dependabot/fetch-metadata#668
• Bump actions/create-github-app-token from 2.2.1 to 3.0.0 by @​dependabot[bot] in dependabot/fetch-metadata#669
• Bump flatted from 3.3.3 to 3.4.2 by @​dependabot[bot] in dependabot/fetch-metadata#670
• build(deps-dev): bump picomatch from 2.3.1 to 2.3.2 by @​dependabot[bot] in dependabot/fetch-metadata#674

New Contributors

• @​ppkarwasz made their first contribution in dependabot/fetch-metadata#632
• @​truggeri made their first contribution in dependabot/fetch-metadata#649
• @​sue445 made their first contribution in dependabot/fetch-metadata#656
• @​sturman made their first contribution in dependabot/fetch-metadata#671

Full Changelog: dependabot/fetch-metadata@v2...v3.0.0

Commits

• ffa630c v3.0.0 (#686)
• ec8fff2 Merge pull request #674 from dependabot/dependabot/npm_and_yarn/picomatch-2.3.2
• caf48bd build(deps-dev): bump picomatch from 2.3.1 to 2.3.2
• 13d8274 Upgrade @​actions/github to ^9.0.0 and @​octokit/request-error to ^7.1.0 (#678)
• b603099 Upgrade @​actions/core from ^1.11.1 to ^3.0.0 (#677)
• c5dc5b1 Enable noImplicitAny in tsconfig.json (#684)
• a183f3c Add typecheck step to CI (#685)
• 5e17564 Remove skipLibCheck from tsconfig.json (#683)
• bb56eeb Switch tsconfig module resolution to bundler (#682)
• 3632e3d Remove vestigial outDir from tsconfig.json (#681)
• Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.3 to 6.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

• Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @​thomasrockhu-codecov in codecov/codecov-action#1929
• Th/6.0.0 by @​thomasrockhu-codecov in codecov/codecov-action#1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

• Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @​thomasrockhu-codecov in codecov/codecov-action#1926
• chore(release): 5.5.4 by @​thomasrockhu-codecov in codecov/codecov-action#1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in codecov/codecov-action#1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in codecov/codecov-action#1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in codecov/codecov-action#1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in codecov/codecov-action#1872
• docs: fix typo in README by @​datalater in codecov/codecov-action#1866
• Document a codecov-cli version reference example by @​webknjaz in codecov/codecov-action#1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in codecov/codecov-action#1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in codecov/codecov-action#1864
• Pin actions/github-script by Git SHA by @​martincostello in codecov/codecov-action#1859
• fix: check reqs exist by @​joseph-sentry in codecov/codecov-action#1835
• fix: Typo in README by @​spalmurray in codecov/codecov-action#1838
• docs: Refine OIDC docs by @​spalmurray in codecov/codecov-action#1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in codecov/codecov-action#1822
• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

• 57e3a13 Th/6.0.0 (#1928)
• f67d33d Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0""...
• 75cd116 chore(release): 5.5.4 (#1927)
• 87d39f4 Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" (#1926)
• See full diff in compare view

Updates github/contributors from 2.0.4 to 2.0.5

Release notes

Sourced from github/contributors's releases.

v2.0.5

Changelog

🐛 Bug Fixes

• fix: prevent dev dependency downloads at runtime @​zkoppert (#434)
• fix: update harden-runner action to v2.16.0 due to security issue @​jmeridth (#435)
• fix: tighten workflow permissions, add security hardening, and fix uv tool invocations @​jmeridth (#431)

🧰 Maintenance

• chore(deps): bump requests from 2.32.5 to 2.33.0 @dependabot[bot] (#438)
• chore(deps): bump github-community-projects/contributors from 1.7.8 to 2.0.4 @dependabot[bot] (#437)
• chore(deps): bump kenyonj/mark-ready-when-ready from 33b13c51ba23786efb933701ef253352baf05bdd to b6279addd55dd13208965a9eff24b2cf1989a8ef @dependabot[bot] (#436)
• chore(deps): bump github/codeql-action from 3.32.6 to 4.32.6 @dependabot[bot] (#432)

See details of all code changes since previous release

Commits

• 24fd00b chore(deps): bump requests from 2.32.5 to 2.33.0 (#438)
• 21d639f chore(deps): bump github-community-projects/contributors (#437)
• cace48b chore(deps): bump kenyonj/mark-ready-when-ready (#436)
• 89f300f fix: prevent dev dependency downloads at runtime (#434)
• e3b0091 Merge pull request #435 from github-community-projects/jm_update_harden_runner
• 33b7483 fix: update harden-runner action to v2.16.0 due to security issue
• 042709d chore(deps): bump github/codeql-action from 3.32.6 to 4.32.6 (#432)
• faef7c7 fix: tighten workflow permissions, add security hardening, and fix uv tool in...
• See full diff in compare view

Updates taiki-e/install-action from 2.69.10 to 2.69.12

Release notes

Sourced from taiki-e/install-action's releases.

2.69.12

• Update uv@latest to 0.11.2.

2.69.11

• Update dprint@latest to 0.53.1.
• Update mise@latest to 2026.3.16.

Changelog

Sourced from taiki-e/install-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

• Update cargo-insta@latest to 1.47.0.

[2.69.12] - 2026-03-27

• Update uv@latest to 0.11.2.

[2.69.11] - 2026-03-26

• Update dprint@latest to 0.53.1.
• Update mise@latest to 2026.3.16.

[2.69.10] - 2026-03-25

• Update biome@latest to 2.4.9.
• Update mise@latest to 2026.3.15.

[2.69.9] - 2026-03-25

• Update uv@latest to 0.11.1.
• Update osv-scanner@latest to 2.3.5.
• Update mise@latest to 2026.3.14.

[2.69.8] - 2026-03-24

• Update just@latest to 1.48.0.
• Update uv@latest to 0.11.0.
• Update rclone@latest to 1.73.3.
• Update mise@latest to 2026.3.13.

[2.69.7] - 2026-03-23

... (truncated)

Commits

• 80a23c5 Release 2.69.12
• 5c17a31 Update uv@latest to 0.11.2
• 4bb73ac ci: Fix release workflow
• 80779d0 Release 2.69.11
• a69eea0 ci: Update to new release workflow
• 0ce9fed Update dprint@latest to 0.53.1
• c0f7516 Update mise@latest to 2026.3.16
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions