starred/act

Fork 0

mirror of https://github.com/nektos/act.git synced 2026-04-25 17:05:50 +03:00

[PR #6011] build(deps): bump the dependencies group across 1 directory with 12 updates #2660

New issue

Open

opened 2026-03-01 22:37:37 +03:00 by kerem · 0 comments

kerem commented

2026-03-01 22:37:37 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/nektos/act/pull/6011
Author: @dependabot[bot]
Created: 2/25/2026
Status: 🔄 Open

Base: master ← Head: dependabot/go_modules/dependencies-37e48349cd

📝 Commits (1)

7d2a0b4 build(deps): bump the dependencies group across 1 directory with 12 updates

📊 Changes

2 files changed (+84 additions, -71 deletions)

View changed files

📝 go.mod (+24 -23)
📝 go.sum (+60 -48)

📄 Description

Bumps the dependencies group with 12 updates in the / directory:

Package	From	To
github.com/docker/cli	`28.4.0+incompatible`	`29.2.1+incompatible`
github.com/docker/docker	`28.4.0+incompatible`	`28.5.2+incompatible`
github.com/go-git/go-billy/v5	`5.6.2`	`5.8.0`
github.com/go-git/go-git/v5	`5.16.5`	`5.17.0`
github.com/rhysd/actionlint	`1.7.7`	`1.7.11`
github.com/sirupsen/logrus	`1.9.3`	`1.9.4`
github.com/spf13/cobra	`1.10.1`	`1.10.2`
github.com/spf13/pflag	`1.0.9`	`1.0.10`
golang.org/x/term	`0.38.0`	`0.40.0`
github.com/golang-jwt/jwt/v5	`5.3.0`	`5.3.1`
github.com/moby/go-archive	`0.1.0`	`0.2.0`
google.golang.org/protobuf	`1.36.9`	`1.36.11`

Updates github.com/docker/cli from 28.4.0+incompatible to 29.2.1+incompatible

Commits

a5c7197 Merge pull request #6772 from thaJeztah/cleanup_testfile
435384f Merge pull request #6773 from thaJeztah/improve_mountopts
df3e923 opts: MountOpt: extract utility functions and don't set empty values
d781df8 opts: MountOpt: extract validation to a separate function
f35fb0f cli/command: TestGetDefaultAuthConfig: cleanup test file
fe1af92 opts: MountOpt: improve validation of boolean values
5de99e6 opts: MountOpt: improve validation for whitespace in values
9620e41 opts: MountOpt: improve validation for whitespace in options
e888a6e opts: remove outdated comment
b22f1ae Merge pull request #6771 from thaJeztah/allow_empty_target
Additional commits viewable in compare view

Updates github.com/docker/docker from 28.4.0+incompatible to 28.5.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.5.2

28.5.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.5.2 milestone

moby/moby, 28.5.2 milestone

[!CAUTION] This release contains fixes for three high-severity security vulnerabilities in runc:

CVE-2025-31133

CVE-2025-52565

CVE-2025-52881

All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files.

Packaging updates

Update runc to v1.3.3. moby/moby#51394

Bug fixes and enhancements

dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). moby/moby#51162

Update Go runtime to 1.24.9. moby/moby#51387, docker/cli#6613

Deprecations

Go-SDK: cli/command/image/build: deprecate DefaultDockerfileName, DetectArchiveReader, WriteTempDockerfile, ResolveAndValidateContextPath. These utilities were only used internally and will be removed in the next release. docker/cli#6610

Go-SDK: cli/command/image/build: deprecate IsArchive utility. docker/cli#6560

Go-SDK: opts: deprecate ValidateMACAddress. docker/cli#6560

Go-SDK: opts: deprecate ListOpts.Delete(). docker/cli#6560

v28.5.1

28.5.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.5.1 milestone

moby/moby, 28.5.1 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

Bug fixes and enhancements

Update BuildKit to v0.25.1. moby/moby#51137

Update Go runtime to 1.24.8. moby/moby#51133, docker/cli#6541

Deprecations

api/types/image: InspectResponse: deprecate Parent and DockerVersion fields. moby/moby#51105

api/types/plugin: deprecate Config.DockerVersion field. moby/moby#51110

... (truncated)

Commits

89c5e8f Merge pull request #51396 from thaJeztah/28.x_backport_api_docs
9b93878 Merge pull request #51395 from thaJeztah/28.x_backport_rootless_reject
6178456 Merge pull request #51398 from vvoland/51397-28.x
0cae4e5 vendor: github.com/moby/buildkit v0.25.2
33cc06f Merge pull request #51394 from vvoland/51393-28.x
d525277 api/docs: remove BuildCache.Parent field for API v1.42 and up
2fbc51b dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host
bd98008 integration-cli: Adjust nofile limits
1967515 Dockerfile: update runc binary to v1.3.3
4489660 Merge pull request #51387 from thaJeztah/28.x_bump_go
Additional commits viewable in compare view

Updates github.com/go-git/go-billy/v5 from 5.6.2 to 5.8.0

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.8.0

What's Changed

build: Update module golang.org/x/net to v0.45.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-billy#183

v5: Ensure Chmod behaviour across BoundOS and ChrootOS by @pjbgf in go-git/go-billy#187

Full Changelog: https://github.com/go-git/go-billy/compare/v5.7.0...v5.8.0

v5.7.0

What's Changed

Add support for Chmod on billy.Filesystem by @bitfehler in go-git/go-billy#171

build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-billy#177

Full Changelog: https://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0

Commits

8662784 Merge pull request #187 from pjbgf/windows-rename
f387d62 build: Update test workflow to rely on oldstable/stable
915dae9 polyfill: Add support for Chmod
f3d5600 osfs: Create dir for BoundOS Tempfiles
247a741 Merge pull request #183 from go-git/renovate/releases/v5.x-go-golang.org-x-ne...
1c0c9d5 build: Update module golang.org/x/net to v0.45.0 [SECURITY]
cc50ee7 Merge pull request #177 from go-git/renovate/releases/v5.x-go-golang.org-x-ne...
c3a9003 build: Update module golang.org/x/net to v0.38.0 [SECURITY]
9263834 Merge pull request #171 from bitfehler/releases/v5.x
94b84fc Add support for Chmod on billy.Filesystem
See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.16.5 to 5.17.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.17.0

What's Changed

build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (releases/v5.x) by @go-git-renovate[bot] in go-git/go-git#1839

git: worktree, optimize infiles function for very large repos by @k-anshul in go-git/go-git#1853

git: Add strict checks for supported extensions by @pjbgf in go-git/go-git#1861

backport, git: Improve Status() speed with new index.ModTime check by @cedric-appdirect in go-git/go-git#1862

storage: filesystem, Avoid overwriting loose obj files by @pjbgf in go-git/go-git#1864

Full Changelog: https://github.com/go-git/go-git/compare/v5.16.5...v5.17.0

Commits

bdf0688 Merge pull request #1864 from pjbgf/v5-issue-55
5290e52 storage: filesystem, Avoid overwriting loose obj files. Fixes #55
5d20a62 storage: filesystem, Fix permissions for loose and packed objs
8ed442c backport, git: Improve Status() speed with new index.ModTime check (#1862)
c7b5960 build: Align test workflow with main
8e71edf git: Add strict checks for supported extensions
438a37f git: worktree, optimize infiles function for very large repos (#1853)
67c7006 Merge pull request #1839 from go-git/renovate/releases/v5.x-go-github.com-go-...
4ca3f02 build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY]
See full diff in compare view

Updates github.com/rhysd/actionlint from 1.7.7 to 1.7.11

Release notes

Sourced from github.com/rhysd/actionlint's releases.

v1.7.11
Support the case() function in ${{ }} expressions which was recently added to GitHub Actions. (#612, #614, thanks @heppu)
env:
  # ERROR: case() requires an odd number of arguments
  ENVIRONMENT: |-
    ${{ case(
      github.ref == 'refs/heads/main', 'production',
      github.ref == 'refs/heads/staging', 'staging'
    ) }}
Support new macos-26-large and windows-2025-vs2026 runner labels. See the GitHub's announce for more details. (#615, thanks @hugovk and @muzimuzhi)
Enable Artifact attestations for the released binaries. From v1.7.11 gh command can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (#608, thanks @takaram)
$ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11
$ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz
Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz
Loaded 1 attestation from GitHub API
The following policy criteria will be enforced:

Predicate type must match:................ https://slsa.dev/provenance/v1
Source Repository Owner URI must match:... https://github.com/rhysd
Source Repository URI must match:......... https://github.com/rhysd/actionlint
Subject Alternative Name must match regex: (?i)^https://github.com/rhysd/actionlint/
OIDC Issuer must match:................... https://token.actions.githubusercontent.com

✓ Verification succeeded!
The following 1 attestation matched the policy criteria

Attestation #1

Build repo:..... rhysd/actionlint
Build workflow:. .github/workflows/release.yaml@refs/tags/v1.7.11
Signer repo:.... rhysd/actionlint
Signer workflow: .github/workflows/release.yaml@refs/tags/v1.7.11
Report path filters with ./ as error because they never match anything. (#521)
on:
  push:
    paths:
      # ERROR: This never matches anything. `foo/bar.txt` is correct.
      - ./foo/bar.txt
Fix comparing matrix items when an item is a super set of another item. (#523, #613, thanks @michaelgruenewald)

Fix stack overflow crash by a recursive anchor in matrix items. (#610)

Fix an unassigned variable false positive from shellcheck by disabling SC2153 rule. (#573)

Reduce the number of memory allocations on resolving anchors.

Update the popular actions data set to the latest.

Update Go dependencies to the latest.

... (truncated)

Changelog

Sourced from github.com/rhysd/actionlint's changelog.

v1.7.11 - 2026-02-14
Support the case() function in ${{ }} expressions which was recently added to GitHub Actions. (#612, #614, thanks @heppu)
env:
  # ERROR: case() requires an odd number of arguments
  ENVIRONMENT: |-
    ${{ case(
      github.ref == 'refs/heads/main', 'production',
      github.ref == 'refs/heads/staging', 'staging'
    ) }}
Support new macos-26-large and windows-2025-vs2026 runner labels. See the GitHub's announce for more details. (#615, thanks @hugovk and @muzimuzhi)
Enable Artifact attestations for the released binaries. From v1.7.11 gh command can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (#608, thanks @takaram)
$ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11
$ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz
Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz
Loaded 1 attestation from GitHub API
The following policy criteria will be enforced:

Predicate type must match:................ https://slsa.dev/provenance/v1
Source Repository Owner URI must match:... https://github.com/rhysd
Source Repository URI must match:......... https://github.com/rhysd/actionlint
Subject Alternative Name must match regex: (?i)^https://github.com/rhysd/actionlint/
OIDC Issuer must match:................... https://token.actions.githubusercontent.com

✓ Verification succeeded!
The following 1 attestation matched the policy criteria

Attestation #1

Build repo:..... rhysd/actionlint
Build workflow:. .github/workflows/release.yaml@refs/tags/v1.7.11
Signer repo:.... rhysd/actionlint
Signer workflow: .github/workflows/release.yaml@refs/tags/v1.7.11
Report path filters with ./ because they never match anything. (#521)
on:
  push:
    paths:
      # ERROR: This never matches anything. `foo/bar.txt` is correct.
      - ./foo/bar.txt
Fix comparing matrix items when an item is a super set of another item. (#523, #613, thanks @michaelgruenewald)

Fix stack overflow crash by a recursive anchor in matrix items. (#610)

Fix a unassigned variable false positive from shellcheck by disabling SC2153 rule. (#573)

Reduce the number of memory allocations on resolving anchors.

Update the popular actions data set to the latest.

... (truncated)

Commits

393031a bump up version to v1.7.11
63589e8 add link to the release note of the version in playground heading
58a2626 remove legacy Homebrew formula
d22c104 fix test script for download script to check error case failures
50d2134 describe how to download and verify artifact using gh (fix #617)
226bb4a update playground npm deps including jsdom v28
1e85edb disable SC2153 shellcheck rule to avoid unassigned variable false positive (f...
8776d64 Merge pull request #619 from takaram/patch-1
e3eb8cb reduce memory allocations on resolving anchors
db08cec Fix variable name in release workflow
Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

go.mod: update minimum supported go version to v1.17 sirupsen/logrus#1460

go.mod: bump up dependencies sirupsen/logrus#1460

Touch-up godoc and add "doc" links.

README: fix links, grammar, and update examples.

Add GNU/Hurd support sirupsen/logrus#1364

Add WASI wasip1 support sirupsen/logrus#1388

Remove uses of deprecated ioutil package sirupsen/logrus#1472

CI: update actions and golangci-lint sirupsen/logrus#1459

CI: remove appveyor, add macOS sirupsen/logrus#1460

Full Changelog: https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4

Commits

b61f268 Merge pull request #1472 from goldlinker/master
15c29db refactor: replace the deprecated function in the ioutil package
cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
d916819 Merge pull request #1427 from dolmen/fix-testify-usage
135e482 README: small touch-ups
2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
877ecec README: remove travis badge
55cf256 Merge pull request #1393 from jsoref/grammar
21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

Fix linter and allow CI to pass by @marckhouzam in spf13/cobra#2327

fix: actions/setup-go v6 by @jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

Add documentation for repeated flags functionality by @rvergis in spf13/cobra#2316

🍂 Refactors

refactor: replace several vars with consts by @htoyoda18 in spf13/cobra#2328

refactor: change minUsagePadding from var to const by @ssam18 in spf13/cobra#2325

🤗 New Contributors

@rvergis made their first contribution in spf13/cobra#2316

@htoyoda18 made their first contribution in spf13/cobra#2328

@ssam18 made their first contribution in spf13/cobra#2325

@dims made their first contribution in spf13/cobra#2336

Full Changelog: https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

Commits

88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
346d408 fix: actions/setup-go v6 (#2337)
fc81d20 refactor: change minUsagePadding from var to const (#2325)
117698a refactor: replace several vars with consts (#2328)
e2dd29d Add documentation for repeated flags functionality (#2316)
0629892 Fix linter (#2327)
See full diff in compare view

Updates github.com/spf13/pflag from 1.0.9 to 1.0.10

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.10

What's Changed

fix deprecation comment for (FlagSet.)ParseErrorsWhitelist by @thaJeztah in spf13/pflag#447

remove uses of errors.Is, which requires go1.13, move go1.16/go1.21 tests to separate file by @thaJeztah in spf13/pflag#448

New Contributors

@thaJeztah made their first contribution in spf13/pflag#447

Full Changelog: https://github.com/spf13/pflag/compare/v1.0.9...v1.0.10

Commits

0491e57 Merge pull request #448 from thaJeztah/fix_go_version
72abab1 Merge pull request #447 from thaJeztah/fix_deprecation_comment
7e4dfb1 Test on Go 1.12
18a9d17 move Func, BoolFunc, tests as they require go1.21
c5b9e98 remove uses of errors.Is, which requires go1.13
45a4873 fix deprecation comment for (FlagSet.)ParseErrorsWhitelist
See full diff in compare view

Updates golang.org/x/term from 0.38.0 to 0.40.0

Commits

3aff304 go.mod: update golang.org/x dependencies
a7e5b04 go.mod: update golang.org/x dependencies
943f25d x/term: handle transpose
9b991dd x/term: handle delete key
See full diff in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

Add spellcheck Github action to catch common spelling mistakes by @equalsgibson in golang-jwt/jwt#458

Add WithNotBeforeRequired parser option and add test coverage by @equalsgibson in golang-jwt/jwt#456

Update godoc example func to properly refer to NewWithClaims() by @equalsgibson in golang-jwt/jwt#459

Update github workflows by @mfridman in golang-jwt/jwt#462

Additional test for CustomClaims that validates unmarshalling behaviour by @equalsgibson in golang-jwt/jwt#457

Fix early file close in jwt cli by @mfridman in golang-jwt/jwt#472

Add TPM signature reference by @salrashid123 in golang-jwt/jwt#473

Remove misleading ParserOptions documentation in golang-jwt/jwt#484

Save signature to Token struct after successful signing by @EgorSheff in golang-jwt/jwt#417

Set token.Signature in ParseUnverified by @slickwilli in golang-jwt/jwt#414

👒 Dependencies

Bump crate-ci/typos from 1.34.0 to 1.35.3 by @dependabot[bot] in golang-jwt/jwt#461

Bump crate-ci/typos from 1.35.4 to 1.36.2 by @dependabot[bot] in golang-jwt/jwt#470

Bump github/codeql-action from 3 to 4 by @dependabot[bot] in golang-jwt/jwt#478

Bump crate-ci/typos from 1.36.2 to 1.39.0 by @dependabot[bot] in golang-jwt/jwt#480

Bump golangci/golangci-lint-action from 8 to 9 by @dependabot[bot] in golang-jwt/jwt#481

Bump actions/setup-go from 5 to 6 by @dependabot[bot] in golang-jwt/jwt#469

Bump crate-ci/typos from 1.39.0 to 1.40.0 by @dependabot[bot] in golang-jwt/jwt#488

Bump actions/checkout from 5 to 6 by @dependabot[bot] in golang-jwt/jwt#487

Bump crate-ci/typos from 1.40.0 to 1.41.0 by @dependabot[bot] in golang-jwt/jwt#490

Bump crate-ci/typos from 1.41.0 to 1.42.1 by @dependabot[bot] in golang-jwt/jwt#492

New Contributors

@equalsgibson made their first contribution in golang-jwt/jwt#458

@salrashid123 made their first contribution in golang-jwt/jwt#473

@EgorSheff made their first contribution in golang-jwt/jwt#417

@slickwilli made their first contribution in golang-jwt/jwt#414

Full Changelog: https://github.com/golang-jwt/jwt/compare/v5.3.0...v5.3.1

Commits

7ceae61 Add release.yml for changelog configuration
dce8e4d Set token.Signature in ParseUnverified (#414)
8889e20 Save signature to Token struct after successful signing (#417)
d237f82 ci: update github-actions schedule interval to monthly
d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
e6a0afa Bump actions/checkout from 5 to 6 (#487)
9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
60a8669 Bump actions/setup-go from 5 to 6 (#469)
76f5828 Remove misleading ParserOptions documentation (#484)
Additional commits viewable in compare view

Updates github.com/moby/go-archive from 0.1.0 to 0.2.0

Release notes

Sourced from github.com/moby/go-archive's releases.

v0.2.0

What's Changed

remove aliases for deprecated types and functions moby/go-archive#10

chrootarchive: remove redundant "init" mitigation for CVE-2019-14271 moby/go-archive#11

xattr: Fix OS matching moby/go-archive#20

TestOverlayTarUntar: remove redundant cmpopts.EquateEmpty moby/go-archive#9

go.mod: bump github.com/klauspost/compress v1.18.2 moby/go-archive#19

gha: update actions moby/go-archive#18

Full Changelog: https://github.com/moby/go-archive/compare/v0.1.0...v0.2.0

Commits

263611f Merge pull request #20 from thaJeztah/carry_17
a1d4e73 Merge pull request #18 from thaJeztah/bump_gha
da4e566 xattr: Fix OS matching.
df87f45 Merge pull request #19 from thaJeztah/bump_deps
8996f22 gha: update CodeQL Action to v4
985c60f gha: codeql: use go stable
4752b25 gha: update actions/setup-go@v6
280f775 gha: update actions/checkout@v6
4c912d3 gha: update golangci/golangci-lint-action@v9
2cd730e go.mod: bump github.com/klauspost/compress v1.18.2
Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.9 to 1.36.11

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/nektos/act/pull/6011 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 2/25/2026 **Status:** 🔄 Open **Base:** `master` ← **Head:** `dependabot/go_modules/dependencies-37e48349cd` --- ### 📝 Commits (1) - [`7d2a0b4`](https://github.com/nektos/act/commit/7d2a0b48092d544c401f4267f6a268e74a561674) build(deps): bump the dependencies group across 1 directory with 12 updates ### 📊 Changes **2 files changed** (+84 additions, -71 deletions) <details> <summary>View changed files</summary> 📝 `go.mod` (+24 -23) 📝 `go.sum` (+60 -48) </details> ### 📄 Description Bumps the dependencies group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/docker/cli](https://github.com/docker/cli) | `28.4.0+incompatible` | `29.2.1+incompatible` | | [github.com/docker/docker](https://github.com/docker/docker) | `28.4.0+incompatible` | `28.5.2+incompatible` | | [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) | `5.6.2` | `5.8.0` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.16.5` | `5.17.0` | | [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) | `1.7.7` | `1.7.11` | | [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) | `1.9.3` | `1.9.4` | | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.10.1` | `1.10.2` | | [github.com/spf13/pflag](https://github.com/spf13/pflag) | `1.0.9` | `1.0.10` | | [golang.org/x/term](https://github.com/golang/term) | `0.38.0` | `0.40.0` | | [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) | `5.3.0` | `5.3.1` | | [github.com/moby/go-archive](https://github.com/moby/go-archive) | `0.1.0` | `0.2.0` | | google.golang.org/protobuf | `1.36.9` | `1.36.11` | Updates `github.com/docker/cli` from 28.4.0+incompatible to 29.2.1+incompatible <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/cli/commit/a5c7197d720daef7d8b9e6174ee78c0743cea166"><code>a5c7197</code></a> Merge pull request <a href="https://redirect.github.com/docker/cli/issues/6772">#6772</a> from thaJeztah/cleanup_testfile</li> <li><a href="https://github.com/docker/cli/commit/435384fa29cdc36ee3fac0c2afdff2eafb1a26c3"><code>435384f</code></a> Merge pull request <a href="https://redirect.github.com/docker/cli/issues/6773">#6773</a> from thaJeztah/improve_mountopts</li> <li><a href="https://github.com/docker/cli/commit/df3e9237d74c47f6dc07b88cf4ce81615f8870cf"><code>df3e923</code></a> opts: MountOpt: extract utility functions and don't set empty values</li> <li><a href="https://github.com/docker/cli/commit/d781df8b530c8b6703e123b43f1c3b793854f736"><code>d781df8</code></a> opts: MountOpt: extract validation to a separate function</li> <li><a href="https://github.com/docker/cli/commit/f35fb0f5a6f0319e36fe055e016222b56fc6eb95"><code>f35fb0f</code></a> cli/command: TestGetDefaultAuthConfig: cleanup test file</li> <li><a href="https://github.com/docker/cli/commit/fe1af9206c8863b72d99ce6e4c93ef2e5b9b2ccd"><code>fe1af92</code></a> opts: MountOpt: improve validation of boolean values</li> <li><a href="https://github.com/docker/cli/commit/5de99e6726d959973aa5148180a493d24420da4e"><code>5de99e6</code></a> opts: MountOpt: improve validation for whitespace in values</li> <li><a href="https://github.com/docker/cli/commit/9620e4178d9a6eb05a374ed821ea0c8d47015eb4"><code>9620e41</code></a> opts: MountOpt: improve validation for whitespace in options</li> <li><a href="https://github.com/docker/cli/commit/e888a6e009591ce1b50afa74d941aaabaeff0047"><code>e888a6e</code></a> opts: remove outdated comment</li> <li><a href="https://github.com/docker/cli/commit/b22f1aef483a3c3ff234521a3873e66badcf89f0"><code>b22f1ae</code></a> Merge pull request <a href="https://redirect.github.com/docker/cli/issues/6771">#6771</a> from thaJeztah/allow_empty_target</li> <li>Additional commits viewable in <a href="https://github.com/docker/cli/compare/v28.4.0...v29.2.1">compare view</a></li> </ul> </details> <br /> Updates `github.com/docker/docker` from 28.4.0+incompatible to 28.5.2+incompatible <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v28.5.2</h2> <h2>28.5.2</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.5.2">docker/cli, 28.5.2 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.5.2">moby/moby, 28.5.2 milestone</a></li> </ul> <blockquote> <p>[!CAUTION] This release contains fixes for three high-severity security vulnerabilities in runc:</p> <ul> <li><a href="https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2">CVE-2025-31133</a></li> <li><a href="https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r">CVE-2025-52565</a></li> <li><a href="https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm">CVE-2025-52881</a></li> </ul> <p>All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary <code>/proc</code> files.</p> </blockquote> <h3>Packaging updates</h3> <ul> <li>Update runc to <a href="https://github.com/opencontainers/runc/releases/tag/v1.3.3">v1.3.3</a>. <a href="https://redirect.github.com/moby/moby/pull/51394">moby/moby#51394</a></li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). <a href="https://redirect.github.com/moby/moby/pull/51162">moby/moby#51162</a></li> <li>Update Go runtime to <a href="https://go.dev/doc/devel/release#go1.24.9">1.24.9</a>. <a href="https://redirect.github.com/moby/moby/pull/51387">moby/moby#51387</a>, <a href="https://redirect.github.com/docker/cli/pull/6613">docker/cli#6613</a></li> </ul> <h3>Deprecations</h3> <ul> <li>Go-SDK: cli/command/image/build: deprecate <code>DefaultDockerfileName</code>, <code>DetectArchiveReader</code>, <code>WriteTempDockerfile</code>, <code>ResolveAndValidateContextPath</code>. These utilities were only used internally and will be removed in the next release. <a href="https://redirect.github.com/docker/cli/pull/6610">docker/cli#6610</a></li> <li>Go-SDK: cli/command/image/build: deprecate IsArchive utility. <a href="https://redirect.github.com/docker/cli/pull/6560">docker/cli#6560</a></li> <li>Go-SDK: opts: deprecate <code>ValidateMACAddress</code>. <a href="https://redirect.github.com/docker/cli/pull/6560">docker/cli#6560</a></li> <li>Go-SDK: opts: deprecate ListOpts.Delete(). <a href="https://redirect.github.com/docker/cli/pull/6560">docker/cli#6560</a></li> </ul> <h2>v28.5.1</h2> <h2>28.5.1</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.5.1">docker/cli, 28.5.1 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.5.1">moby/moby, 28.5.1 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v28.5.1/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v28.5.1/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Bug fixes and enhancements</h3> <ul> <li>Update BuildKit to v0.25.1. <a href="https://redirect.github.com/moby/moby/pull/51137">moby/moby#51137</a></li> <li>Update Go runtime to <a href="https://go.dev/doc/devel/release#go1.24.8">1.24.8</a>. <a href="https://redirect.github.com/moby/moby/pull/51133">moby/moby#51133</a>, <a href="https://redirect.github.com/docker/cli/pull/6541">docker/cli#6541</a></li> </ul> <h3>Deprecations</h3> <ul> <li>api/types/image: InspectResponse: deprecate <code>Parent</code> and <code>DockerVersion</code> fields. <a href="https://redirect.github.com/moby/moby/pull/51105">moby/moby#51105</a></li> <li>api/types/plugin: deprecate <code>Config.DockerVersion</code> field. <a href="https://redirect.github.com/moby/moby/pull/51110">moby/moby#51110</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moby/moby/commit/89c5e8fd66634b6128fc4c0e6f1236e2540e46e0"><code>89c5e8f</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51396">#51396</a> from thaJeztah/28.x_backport_api_docs</li> <li><a href="https://github.com/moby/moby/commit/9b93878308cae892878febfa52ff0b5799bea7b0"><code>9b93878</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51395">#51395</a> from thaJeztah/28.x_backport_rootless_reject</li> <li><a href="https://github.com/moby/moby/commit/6178456763b64c360983c5a5ea35d4258171e91c"><code>6178456</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51398">#51398</a> from vvoland/51397-28.x</li> <li><a href="https://github.com/moby/moby/commit/0cae4e5c8f76756eaba81dbd23ef57fccac3033f"><code>0cae4e5</code></a> vendor: github.com/moby/buildkit v0.25.2</li> <li><a href="https://github.com/moby/moby/commit/33cc06f6169ddba8f00c50a8c12494b54b1cb2fc"><code>33cc06f</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51394">#51394</a> from vvoland/51393-28.x</li> <li><a href="https://github.com/moby/moby/commit/d525277410726d5f99e46b8b2ba60ea9b7011afa"><code>d525277</code></a> api/docs: remove BuildCache.Parent field for API v1.42 and up</li> <li><a href="https://github.com/moby/moby/commit/2fbc51b4f895c75749896bf4655f7888a300bb9d"><code>2fbc51b</code></a> dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host</li> <li><a href="https://github.com/moby/moby/commit/bd98008c078ab4a4d99f0c1577e641dbfe191cfd"><code>bd98008</code></a> integration-cli: Adjust nofile limits</li> <li><a href="https://github.com/moby/moby/commit/19675151a3d3b947501fcad1dcacbd00e6f4b23e"><code>1967515</code></a> Dockerfile: update runc binary to v1.3.3</li> <li><a href="https://github.com/moby/moby/commit/44896604b8f50d9ba38199c25ed2c7d2d40318a7"><code>4489660</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/51387">#51387</a> from thaJeztah/28.x_bump_go</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v28.4.0...v28.5.2">compare view</a></li> </ul> </details> <br /> Updates `github.com/go-git/go-billy/v5` from 5.6.2 to 5.8.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-git/go-billy/releases">github.com/go-git/go-billy/v5's releases</a>.</em></p> <blockquote> <h2>v5.8.0</h2> <h2>What's Changed</h2> <ul> <li>build: Update module golang.org/x/net to v0.45.0 [SECURITY] (releases/v5.x) by <a href="https://github.com/go-git-renovate"><code>@go-git-renovate</code></a>[bot] in <a href="https://redirect.github.com/go-git/go-billy/pull/183">go-git/go-billy#183</a></li> <li>v5: Ensure Chmod behaviour across BoundOS and ChrootOS by <a href="https://github.com/pjbgf"><code>@pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-billy/pull/187">go-git/go-billy#187</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-billy/compare/v5.7.0...v5.8.0">https://github.com/go-git/go-billy/compare/v5.7.0...v5.8.0</a></p> <h2>v5.7.0</h2> <h2>What's Changed</h2> <ul> <li>Add support for Chmod on billy.Filesystem by <a href="https://github.com/bitfehler"><code>@bitfehler</code></a> in <a href="https://redirect.github.com/go-git/go-billy/pull/171">go-git/go-billy#171</a></li> <li>build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by <a href="https://github.com/go-git-renovate"><code>@go-git-renovate</code></a>[bot] in <a href="https://redirect.github.com/go-git/go-billy/pull/177">go-git/go-billy#177</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0">https://github.com/go-git/go-billy/compare/v5.6.2...v5.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-git/go-billy/commit/8662784198181209e3a42818bf7ce0258cb4051c"><code>8662784</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-billy/issues/187">#187</a> from pjbgf/windows-rename</li> <li><a href="https://github.com/go-git/go-billy/commit/f387d628df9e56fa13191533ee2c43bda7030a9c"><code>f387d62</code></a> build: Update test workflow to rely on oldstable/stable</li> <li><a href="https://github.com/go-git/go-billy/commit/915dae978faa5f077101122e245d57b306b58fa1"><code>915dae9</code></a> polyfill: Add support for Chmod</li> <li><a href="https://github.com/go-git/go-billy/commit/f3d5600c64b7720b5de481e89030e100bae4c974"><code>f3d5600</code></a> osfs: Create dir for BoundOS Tempfiles</li> <li><a href="https://github.com/go-git/go-billy/commit/247a741aba43fec238f79eb4586dcbdbd4ac9d93"><code>247a741</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-billy/issues/183">#183</a> from go-git/renovate/releases/v5.x-go-golang.org-x-ne...</li> <li><a href="https://github.com/go-git/go-billy/commit/1c0c9d5a15094d8306293c727a3ca2e3cee5af68"><code>1c0c9d5</code></a> build: Update module golang.org/x/net to v0.45.0 [SECURITY]</li> <li><a href="https://github.com/go-git/go-billy/commit/cc50ee75c06c917f097a7ea5f1e3cbb21b7b8e0a"><code>cc50ee7</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-billy/issues/177">#177</a> from go-git/renovate/releases/v5.x-go-golang.org-x-ne...</li> <li><a href="https://github.com/go-git/go-billy/commit/c3a90034ee126d2f28feaf9cd8e241a70e19a51b"><code>c3a9003</code></a> build: Update module golang.org/x/net to v0.38.0 [SECURITY]</li> <li><a href="https://github.com/go-git/go-billy/commit/9263834eec5f778f6991567928e9c4bcfab2c78f"><code>9263834</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-billy/issues/171">#171</a> from bitfehler/releases/v5.x</li> <li><a href="https://github.com/go-git/go-billy/commit/94b84fc5c88ca2d2c1e07bd4e4260dee80575ec7"><code>94b84fc</code></a> Add support for Chmod on billy.Filesystem</li> <li>See full diff in <a href="https://github.com/go-git/go-billy/compare/v5.6.2...v5.8.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/go-git/go-git/v5` from 5.16.5 to 5.17.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's releases</a>.</em></p> <blockquote> <h2>v5.17.0</h2> <h2>What's Changed</h2> <ul> <li>build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (releases/v5.x) by <a href="https://github.com/go-git-renovate"><code>@go-git-renovate</code></a>[bot] in <a href="https://redirect.github.com/go-git/go-git/pull/1839">go-git/go-git#1839</a></li> <li>git: worktree, optimize infiles function for very large repos by <a href="https://github.com/k-anshul"><code>@k-anshul</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1853">go-git/go-git#1853</a></li> <li>git: Add strict checks for supported extensions by <a href="https://github.com/pjbgf"><code>@pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1861">go-git/go-git#1861</a></li> <li>backport, git: Improve Status() speed with new index.ModTime check by <a href="https://github.com/cedric-appdirect"><code>@cedric-appdirect</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1862">go-git/go-git#1862</a></li> <li>storage: filesystem, Avoid overwriting loose obj files by <a href="https://github.com/pjbgf"><code>@pjbgf</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1864">go-git/go-git#1864</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.16.5...v5.17.0">https://github.com/go-git/go-git/compare/v5.16.5...v5.17.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-git/go-git/commit/bdf06885bdaa3631cf6a2017108086c6f53dcf69"><code>bdf0688</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1864">#1864</a> from pjbgf/v5-issue-55</li> <li><a href="https://github.com/go-git/go-git/commit/5290e521c8cf651bf3e8d3e37f517c7cf7aa0b19"><code>5290e52</code></a> storage: filesystem, Avoid overwriting loose obj files. Fixes <a href="https://redirect.github.com/go-git/go-git/issues/55">#55</a></li> <li><a href="https://github.com/go-git/go-git/commit/5d20a62c72b0bb179cfe35f6c9a9672b9df36f51"><code>5d20a62</code></a> storage: filesystem, Fix permissions for loose and packed objs</li> <li><a href="https://github.com/go-git/go-git/commit/8ed442c6f3d4a0a31094661d112df2f0adcbb8e7"><code>8ed442c</code></a> backport, git: Improve Status() speed with new index.ModTime check (<a href="https://redirect.github.com/go-git/go-git/issues/1862">#1862</a>)</li> <li><a href="https://github.com/go-git/go-git/commit/c7b5960533dc1072ce182cf60f71b75764770008"><code>c7b5960</code></a> build: Align test workflow with main</li> <li><a href="https://github.com/go-git/go-git/commit/8e71edfdc167ef23a9ca342edefee669204a2b7a"><code>8e71edf</code></a> git: Add strict checks for supported extensions</li> <li><a href="https://github.com/go-git/go-git/commit/438a37f65bc6bcc48ebbc641b07d94baebd9eaf3"><code>438a37f</code></a> git: worktree, optimize infiles function for very large repos (<a href="https://redirect.github.com/go-git/go-git/issues/1853">#1853</a>)</li> <li><a href="https://github.com/go-git/go-git/commit/67c70069de887ba2aefa910255f5ce39d4f12be3"><code>67c7006</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1839">#1839</a> from go-git/renovate/releases/v5.x-go-github.com-go-...</li> <li><a href="https://github.com/go-git/go-git/commit/4ca3f026e3ef8dcfc4ceb390f46672f280028b52"><code>4ca3f02</code></a> build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY]</li> <li>See full diff in <a href="https://github.com/go-git/go-git/compare/v5.16.5...v5.17.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/rhysd/actionlint` from 1.7.7 to 1.7.11 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rhysd/actionlint/releases">github.com/rhysd/actionlint's releases</a>.</em></p> <blockquote> <h2>v1.7.11</h2> <ul> <li>Support the <a href="https://docs.github.com/en/actions/reference/workflows-and-actions/expressions#case"><code>case()</code> function</a> in <code>${{ }}</code> expressions which was recently added to GitHub Actions. (<a href="https://redirect.github.com/rhysd/actionlint/issues/612">#612</a>, <a href="https://redirect.github.com/rhysd/actionlint/issues/614">#614</a>, thanks <a href="https://github.com/heppu"><code>@heppu</code></a>) <pre lang="yaml"><code>env: # ERROR: case() requires an odd number of arguments ENVIRONMENT: |- ${{ case( github.ref == 'refs/heads/main', 'production', github.ref == 'refs/heads/staging', 'staging' ) }} </code></pre> </li> <li>Support new <code>macos-26-large</code> and <code>windows-2025-vs2026</code> runner labels. See the <a href="https://github.blog/changelog/2026-02-05-github-actions-early-february-2026-updates/">GitHub's announce</a> for more details. (<a href="https://redirect.github.com/rhysd/actionlint/issues/615">#615</a>, thanks <a href="https://github.com/hugovk"><code>@hugovk</code></a> and <a href="https://github.com/muzimuzhi"><code>@muzimuzhi</code></a>)</li> <li>Enable <a href="https://docs.github.com/en/actions/concepts/security/artifact-attestations">Artifact attestations</a> for the released binaries. From v1.7.11 <a href="https://cli.github.com/"><code>gh</code> command</a> can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (<a href="https://redirect.github.com/rhysd/actionlint/issues/608">#608</a>, thanks <a href="https://github.com/takaram"><code>@takaram</code></a>) <pre lang="console"><code>$ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11 $ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz Loaded 1 attestation from GitHub API <p>The following policy criteria will be enforced:</p> <ul> <li>Predicate type must match:................ <a href="https://slsa.dev/provenance/v1">https://slsa.dev/provenance/v1</a></li> <li>Source Repository Owner URI must match:... <a href="https://github.com/rhysd">https://github.com/rhysd</a></li> <li>Source Repository URI must match:......... <a href="https://github.com/rhysd/actionlint">https://github.com/rhysd/actionlint</a></li> <li>Subject Alternative Name must match regex: (?i)^<a href="https://github.com/rhysd/actionlint/">https://github.com/rhysd/actionlint/</a></li> <li>OIDC Issuer must match:................... <a href="https://token.actions.githubusercontent.com">https://token.actions.githubusercontent.com</a></li> </ul> <p>✓ Verification succeeded!</p> <p>The following 1 attestation matched the policy criteria</p> <ul> <li>Attestation <a href="https://redirect.github.com/rhysd/actionlint/issues/1">#1</a> <ul> <li>Build repo:..... rhysd/actionlint</li> <li>Build workflow:. .github/workflows/release.yaml@refs/tags/v1.7.11</li> <li>Signer repo:.... rhysd/actionlint</li> <li>Signer workflow: .github/workflows/release.yaml@refs/tags/v1.7.11 </code></pre></li> </ul> </li> </ul> </li> <li>Report path filters with <code>./</code> as error because they never match anything. (<a href="https://redirect.github.com/rhysd/actionlint/issues/521">#521</a>) <pre lang="yaml"><code>on: push: paths: # ERROR: This never matches anything. `foo/bar.txt` is correct. - ./foo/bar.txt </code></pre> </li> <li>Fix comparing matrix items when an item is a super set of another item. (<a href="https://redirect.github.com/rhysd/actionlint/issues/523">#523</a>, <a href="https://redirect.github.com/rhysd/actionlint/issues/613">#613</a>, thanks <a href="https://github.com/michaelgruenewald"><code>@michaelgruenewald</code></a>)</li> <li>Fix stack overflow crash by a recursive anchor in matrix items. (<a href="https://redirect.github.com/rhysd/actionlint/issues/610">#610</a>)</li> <li>Fix an unassigned variable false positive from shellcheck by disabling SC2153 rule. (<a href="https://redirect.github.com/rhysd/actionlint/issues/573">#573</a>)</li> <li>Reduce the number of memory allocations on resolving anchors.</li> <li>Update the popular actions data set to the latest.</li> <li>Update Go dependencies to the latest.</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md">github.com/rhysd/actionlint's changelog</a>.</em></p> <blockquote> <h1><a href="https://github.com/rhysd/actionlint/releases/tag/v1.7.11">v1.7.11</a> - 2026-02-14</h1> <ul> <li>Support the <a href="https://docs.github.com/en/actions/reference/workflows-and-actions/expressions#case"><code>case()</code> function</a> in <code>${{ }}</code> expressions which was recently added to GitHub Actions. (<a href="https://redirect.github.com/rhysd/actionlint/issues/612">#612</a>, <a href="https://redirect.github.com/rhysd/actionlint/issues/614">#614</a>, thanks <a href="https://github.com/heppu"><code>@heppu</code></a>) <pre lang="yaml"><code>env: # ERROR: case() requires an odd number of arguments ENVIRONMENT: |- ${{ case( github.ref == 'refs/heads/main', 'production', github.ref == 'refs/heads/staging', 'staging' ) }} </code></pre> </li> <li>Support new <code>macos-26-large</code> and <code>windows-2025-vs2026</code> runner labels. See the <a href="https://github.blog/changelog/2026-02-05-github-actions-early-february-2026-updates/">GitHub's announce</a> for more details. (<a href="https://redirect.github.com/rhysd/actionlint/issues/615">#615</a>, thanks <a href="https://github.com/hugovk"><code>@hugovk</code></a> and <a href="https://github.com/muzimuzhi"><code>@muzimuzhi</code></a>)</li> <li>Enable <a href="https://docs.github.com/en/actions/concepts/security/artifact-attestations">Artifact attestations</a> for the released binaries. From v1.7.11 <a href="https://cli.github.com/"><code>gh</code> command</a> can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (<a href="https://redirect.github.com/rhysd/actionlint/issues/608">#608</a>, thanks <a href="https://github.com/takaram"><code>@takaram</code></a>) <pre lang="console"><code>$ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11 $ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz Loaded 1 attestation from GitHub API <p>The following policy criteria will be enforced:</p> <ul> <li>Predicate type must match:................ <a href="https://slsa.dev/provenance/v1">https://slsa.dev/provenance/v1</a></li> <li>Source Repository Owner URI must match:... <a href="https://github.com/rhysd">https://github.com/rhysd</a></li> <li>Source Repository URI must match:......... <a href="https://github.com/rhysd/actionlint">https://github.com/rhysd/actionlint</a></li> <li>Subject Alternative Name must match regex: (?i)^<a href="https://github.com/rhysd/actionlint/">https://github.com/rhysd/actionlint/</a></li> <li>OIDC Issuer must match:................... <a href="https://token.actions.githubusercontent.com">https://token.actions.githubusercontent.com</a></li> </ul> <p>✓ Verification succeeded!</p> <p>The following 1 attestation matched the policy criteria</p> <ul> <li>Attestation <a href="https://redirect.github.com/rhysd/actionlint/issues/1">#1</a> <ul> <li>Build repo:..... rhysd/actionlint</li> <li>Build workflow:. .github/workflows/release.yaml@refs/tags/v1.7.11</li> <li>Signer repo:.... rhysd/actionlint</li> <li>Signer workflow: .github/workflows/release.yaml@refs/tags/v1.7.11 </code></pre></li> </ul> </li> </ul> </li> <li>Report path filters with <code>./</code> because they never match anything. (<a href="https://redirect.github.com/rhysd/actionlint/issues/521">#521</a>) <pre lang="yaml"><code>on: push: paths: # ERROR: This never matches anything. `foo/bar.txt` is correct. - ./foo/bar.txt </code></pre> </li> <li>Fix comparing matrix items when an item is a super set of another item. (<a href="https://redirect.github.com/rhysd/actionlint/issues/523">#523</a>, <a href="https://redirect.github.com/rhysd/actionlint/issues/613">#613</a>, thanks <a href="https://github.com/michaelgruenewald"><code>@michaelgruenewald</code></a>)</li> <li>Fix stack overflow crash by a recursive anchor in matrix items. (<a href="https://redirect.github.com/rhysd/actionlint/issues/610">#610</a>)</li> <li>Fix a unassigned variable false positive from shellcheck by disabling SC2153 rule. (<a href="https://redirect.github.com/rhysd/actionlint/issues/573">#573</a>)</li> <li>Reduce the number of memory allocations on resolving anchors.</li> <li>Update the popular actions data set to the latest.</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rhysd/actionlint/commit/393031adb9afb225ee52ae2ccd7a5af5525e03e8"><code>393031a</code></a> bump up version to v1.7.11</li> <li><a href="https://github.com/rhysd/actionlint/commit/63589e8f1ece2aaea9d7c50667c54ebc066738ea"><code>63589e8</code></a> add link to the release note of the version in playground heading</li> <li><a href="https://github.com/rhysd/actionlint/commit/58a2626fdedff0a14d953002dc5334056b0e8a0d"><code>58a2626</code></a> remove legacy Homebrew formula</li> <li><a href="https://github.com/rhysd/actionlint/commit/d22c1043a75c3574a7e4922fab848db7d18a8396"><code>d22c104</code></a> fix test script for download script to check error case failures</li> <li><a href="https://github.com/rhysd/actionlint/commit/50d2134acd4fb1c0c65e755e70abbf72d4ff7334"><code>50d2134</code></a> describe how to download and verify artifact using <code>gh</code> (fix <a href="https://redirect.github.com/rhysd/actionlint/issues/617">#617</a>)</li> <li><a href="https://github.com/rhysd/actionlint/commit/226bb4a077668c5f648accecdeaa47a1f66e8cf1"><code>226bb4a</code></a> update playground npm deps including jsdom v28</li> <li><a href="https://github.com/rhysd/actionlint/commit/1e85edb1adf5783319235264962515d90688800d"><code>1e85edb</code></a> disable SC2153 shellcheck rule to avoid unassigned variable false positive (f...</li> <li><a href="https://github.com/rhysd/actionlint/commit/8776d6449779a384b6a6993c0838949315450a55"><code>8776d64</code></a> Merge pull request <a href="https://redirect.github.com/rhysd/actionlint/issues/619">#619</a> from takaram/patch-1</li> <li><a href="https://github.com/rhysd/actionlint/commit/e3eb8cb7497195a00e827261258408238c44ac92"><code>e3eb8cb</code></a> reduce memory allocations on resolving anchors</li> <li><a href="https://github.com/rhysd/actionlint/commit/db08cec2447b13d649e595fcc56926f03bc8a8d2"><code>db08cec</code></a> Fix variable name in release workflow</li> <li>Additional commits viewable in <a href="https://github.com/rhysd/actionlint/compare/v1.7.7...v1.7.11">compare view</a></li> </ul> </details> <br /> Updates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sirupsen/logrus/releases">github.com/sirupsen/logrus's releases</a>.</em></p> <blockquote> <h2>v1.9.4</h2> <h2>Notable changes</h2> <ul> <li>go.mod: update minimum supported go version to v1.17 <a href="https://redirect.github.com/sirupsen/logrus/pull/1460">sirupsen/logrus#1460</a></li> <li>go.mod: bump up dependencies <a href="https://redirect.github.com/sirupsen/logrus/pull/1460">sirupsen/logrus#1460</a></li> <li>Touch-up godoc and add "doc" links.</li> <li>README: fix links, grammar, and update examples.</li> <li>Add GNU/Hurd support <a href="https://redirect.github.com/sirupsen/logrus/pull/1364">sirupsen/logrus#1364</a></li> <li>Add WASI wasip1 support <a href="https://redirect.github.com/sirupsen/logrus/pull/1388">sirupsen/logrus#1388</a></li> <li>Remove uses of deprecated <code>ioutil</code> package <a href="https://redirect.github.com/sirupsen/logrus/pull/1472">sirupsen/logrus#1472</a></li> <li>CI: update actions and golangci-lint <a href="https://redirect.github.com/sirupsen/logrus/pull/1459">sirupsen/logrus#1459</a></li> <li>CI: remove appveyor, add macOS <a href="https://redirect.github.com/sirupsen/logrus/pull/1460">sirupsen/logrus#1460</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4">https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sirupsen/logrus/commit/b61f268f75b6ff134a62cd62aee1095fa12e8d2e"><code>b61f268</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1472">#1472</a> from goldlinker/master</li> <li><a href="https://github.com/sirupsen/logrus/commit/15c29db7129cc15331e9c52493d5aaab217146c7"><code>15c29db</code></a> refactor: replace the deprecated function in the ioutil package</li> <li><a href="https://github.com/sirupsen/logrus/commit/cb253f3080f18ec7e55b4c8f15b62fe0a806f130"><code>cb253f3</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1464">#1464</a> from thaJeztah/touchup_godoc</li> <li><a href="https://github.com/sirupsen/logrus/commit/29b233793060a07fb76eda791f604d87e08d23d1"><code>29b2337</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1468">#1468</a> from thaJeztah/touchup_readme</li> <li><a href="https://github.com/sirupsen/logrus/commit/d9168199e06807d8959126bc8c823ad8b96e3969"><code>d916819</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1427">#1427</a> from dolmen/fix-testify-usage</li> <li><a href="https://github.com/sirupsen/logrus/commit/135e4820b2140747fb868073e4dca1619996417a"><code>135e482</code></a> README: small touch-ups</li> <li><a href="https://github.com/sirupsen/logrus/commit/2c5fa36b73abb8b007474417571e268685d0d84e"><code>2c5fa36</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1467">#1467</a> from thaJeztah/rm_old_badge</li> <li><a href="https://github.com/sirupsen/logrus/commit/877ecec10d61675855189ece38d70d8804302fa4"><code>877ecec</code></a> README: remove travis badge</li> <li><a href="https://github.com/sirupsen/logrus/commit/55cf2560b5e5fd3f0e6ff59e6ce766eb12db4522"><code>55cf256</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1393">#1393</a> from jsoref/grammar</li> <li><a href="https://github.com/sirupsen/logrus/commit/21bae50b76794e93449c3f0f845ea0ac903847db"><code>21bae50</code></a> Merge pull request <a href="https://redirect.github.com/sirupsen/logrus/issues/1426">#1426</a> from dolmen/testing-fix-use-of-math-rand</li> <li>Additional commits viewable in <a href="https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4">compare view</a></li> </ul> </details> <br /> Updates `github.com/spf13/cobra` from 1.10.1 to 1.10.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spf13/cobra/releases">github.com/spf13/cobra's releases</a>.</em></p> <blockquote> <h2>v1.10.2</h2> <h2>🔧 Dependencies</h2> <ul> <li>chore: Migrate from <code>gopkg.in/yaml.v3</code> to <code>go.yaml.in/yaml/v3</code> by <a href="https://github.com/dims"><code>@dims</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2336">spf13/cobra#2336</a> - the <code>gopkg.in/yaml.v3</code> package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of <code>spf13/cobra</code></li> </ul> <h2>📈 CI/CD</h2> <ul> <li>Fix linter and allow CI to pass by <a href="https://github.com/marckhouzam"><code>@marckhouzam</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2327">spf13/cobra#2327</a></li> <li>fix: actions/setup-go v6 by <a href="https://github.com/jpmcb"><code>@jpmcb</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2337">spf13/cobra#2337</a></li> </ul> <h2>🔥✍🏼 Docs</h2> <ul> <li>Add documentation for repeated flags functionality by <a href="https://github.com/rvergis"><code>@rvergis</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2316">spf13/cobra#2316</a></li> </ul> <h2>🍂 Refactors</h2> <ul> <li>refactor: replace several vars with consts by <a href="https://github.com/htoyoda18"><code>@htoyoda18</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2328">spf13/cobra#2328</a></li> <li>refactor: change minUsagePadding from var to const by <a href="https://github.com/ssam18"><code>@ssam18</code></a> in <a href="https://redirect.github.com/spf13/cobra/pull/2325">spf13/cobra#2325</a></li> </ul> <h2>🤗 New Contributors</h2> <ul> <li><a href="https://github.com/rvergis"><code>@rvergis</code></a> made their first contribution in <a href="https://redirect.github.com/spf13/cobra/pull/2316">spf13/cobra#2316</a></li> <li><a href="https://github.com/htoyoda18"><code>@htoyoda18</code></a> made their first contribution in <a href="https://redirect.github.com/spf13/cobra/pull/2328">spf13/cobra#2328</a></li> <li><a href="https://github.com/ssam18"><code>@ssam18</code></a> made their first contribution in <a href="https://redirect.github.com/spf13/cobra/pull/2325">spf13/cobra#2325</a></li> <li><a href="https://github.com/dims"><code>@dims</code></a> made their first contribution in <a href="https://redirect.github.com/spf13/cobra/pull/2336">spf13/cobra#2336</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2">https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2</a></p> <p>Thank you to our amazing contributors!!!!! 🐍 🚀</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spf13/cobra/commit/88b30ab89da2d0d0abb153818746c5a2d30eccec"><code>88b30ab</code></a> chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (<a href="https://redirect.github.com/spf13/cobra/issues/2336">#2336</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/346d408fe7d4be00ff9481ea4d43c4abb5e5f77d"><code>346d408</code></a> fix: actions/setup-go v6 (<a href="https://redirect.github.com/spf13/cobra/issues/2337">#2337</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/fc81d2003469e2a5c440306d04a6d82a54065979"><code>fc81d20</code></a> refactor: change minUsagePadding from var to const (<a href="https://redirect.github.com/spf13/cobra/issues/2325">#2325</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/117698a604b65e80a1ad5b76df67b604bcd992e0"><code>117698a</code></a> refactor: replace several vars with consts (<a href="https://redirect.github.com/spf13/cobra/issues/2328">#2328</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/e2dd29ddc39acacf3af13013b06e1fe58b5c3599"><code>e2dd29d</code></a> Add documentation for repeated flags functionality (<a href="https://redirect.github.com/spf13/cobra/issues/2316">#2316</a>)</li> <li><a href="https://github.com/spf13/cobra/commit/062989255670f5e100abf70fa5e291a394915f89"><code>0629892</code></a> Fix linter (<a href="https://redirect.github.com/spf13/cobra/issues/2327">#2327</a>)</li> <li>See full diff in <a href="https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2">compare view</a></li> </ul> </details> <br /> Updates `github.com/spf13/pflag` from 1.0.9 to 1.0.10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spf13/pflag/releases">github.com/spf13/pflag's releases</a>.</em></p> <blockquote> <h2>v1.0.10</h2> <h2>What's Changed</h2> <ul> <li>fix deprecation comment for (FlagSet.)ParseErrorsWhitelist by <a href="https://github.com/thaJeztah"><code>@thaJeztah</code></a> in <a href="https://redirect.github.com/spf13/pflag/pull/447">spf13/pflag#447</a></li> <li>remove uses of errors.Is, which requires go1.13, move go1.16/go1.21 tests to separate file by <a href="https://github.com/thaJeztah"><code>@thaJeztah</code></a> in <a href="https://redirect.github.com/spf13/pflag/pull/448">spf13/pflag#448</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/thaJeztah"><code>@thaJeztah</code></a> made their first contribution in <a href="https://redirect.github.com/spf13/pflag/pull/447">spf13/pflag#447</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/spf13/pflag/compare/v1.0.9...v1.0.10">https://github.com/spf13/pflag/compare/v1.0.9...v1.0.10</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spf13/pflag/commit/0491e5702ad2bb108bc519a5221bcc0f52aa9564"><code>0491e57</code></a> Merge pull request <a href="https://redirect.github.com/spf13/pflag/issues/448">#448</a> from thaJeztah/fix_go_version</li> <li><a href="https://github.com/spf13/pflag/commit/72abab1d978352c34a7274f374d30f413e1c83f3"><code>72abab1</code></a> Merge pull request <a href="https://redirect.github.com/spf13/pflag/issues/447">#447</a> from thaJeztah/fix_deprecation_comment</li> <li><a href="https://github.com/spf13/pflag/commit/7e4dfb1e325ce429e29994933210abe53de7041d"><code>7e4dfb1</code></a> Test on Go 1.12</li> <li><a href="https://github.com/spf13/pflag/commit/18a9d17d0ee8bd64d5c2071fc031be86fa2cd328"><code>18a9d17</code></a> move Func, BoolFunc, tests as they require go1.21</li> <li><a href="https://github.com/spf13/pflag/commit/c5b9e989df31c5d19573e50d6188550ad51a971e"><code>c5b9e98</code></a> remove uses of errors.Is, which requires go1.13</li> <li><a href="https://github.com/spf13/pflag/commit/45a48733e35ba296a5f4dcc2b01996b89dc91a06"><code>45a4873</code></a> fix deprecation comment for (FlagSet.)ParseErrorsWhitelist</li> <li>See full diff in <a href="https://github.com/spf13/pflag/compare/v1.0.9...v1.0.10">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/term` from 0.38.0 to 0.40.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/term/commit/3aff3041f556e280e3e814347086e94b8ab76b95"><code>3aff304</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/term/commit/a7e5b0437ffa3159709172efbe396bc546550e23"><code>a7e5b04</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/term/commit/943f25d3595f79ce29c4175d889758d38b375688"><code>943f25d</code></a> x/term: handle transpose</li> <li><a href="https://github.com/golang/term/commit/9b991dd831b8a478f9fc99a0b39b492b4e25a3c0"><code>9b991dd</code></a> x/term: handle delete key</li> <li>See full diff in <a href="https://github.com/golang/term/compare/v0.38.0...v0.40.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/golang-jwt/jwt/v5` from 5.3.0 to 5.3.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang-jwt/jwt/releases">github.com/golang-jwt/jwt/v5's releases</a>.</em></p> <blockquote> <h2>v5.3.1</h2>  <h2>What's Changed</h2> <h3>🔐 Features</h3> <ul> <li>Add spellcheck Github action to catch common spelling mistakes by <a href="https://github.com/equalsgibson"><code>@equalsgibson</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/458">golang-jwt/jwt#458</a></li> <li>Add <code>WithNotBeforeRequired</code> parser option and add test coverage by <a href="https://github.com/equalsgibson"><code>@equalsgibson</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/456">golang-jwt/jwt#456</a></li> <li>Update godoc example func to properly refer to <code>NewWithClaims()</code> by <a href="https://github.com/equalsgibson"><code>@equalsgibson</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/459">golang-jwt/jwt#459</a></li> <li>Update github workflows by <a href="https://github.com/mfridman"><code>@mfridman</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/462">golang-jwt/jwt#462</a></li> <li>Additional test for CustomClaims that validates unmarshalling behaviour by <a href="https://github.com/equalsgibson"><code>@equalsgibson</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/457">golang-jwt/jwt#457</a></li> <li>Fix early file close in jwt cli by <a href="https://github.com/mfridman"><code>@mfridman</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/472">golang-jwt/jwt#472</a></li> <li>Add TPM signature reference by <a href="https://github.com/salrashid123"><code>@salrashid123</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/473">golang-jwt/jwt#473</a></li> <li>Remove misleading ParserOptions documentation in <a href="https://redirect.github.com/golang-jwt/jwt/pull/484">golang-jwt/jwt#484</a></li> <li>Save signature to Token struct after successful signing by <a href="https://github.com/EgorSheff"><code>@EgorSheff</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/417">golang-jwt/jwt#417</a></li> <li>Set token.Signature in <code>ParseUnverified</code> by <a href="https://github.com/slickwilli"><code>@slickwilli</code></a> in <a href="https://redirect.github.com/golang-jwt/jwt/pull/414">golang-jwt/jwt#414</a></li> </ul> <h3>👒 Dependencies</h3> <ul> <li>Bump crate-ci/typos from 1.34.0 to 1.35.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/461">golang-jwt/jwt#461</a></li> <li>Bump crate-ci/typos from 1.35.4 to 1.36.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/470">golang-jwt/jwt#470</a></li> <li>Bump github/codeql-action from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/478">golang-jwt/jwt#478</a></li> <li>Bump crate-ci/typos from 1.36.2 to 1.39.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/480">golang-jwt/jwt#480</a></li> <li>Bump golangci/golangci-lint-action from 8 to 9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/481">golang-jwt/jwt#481</a></li> <li>Bump actions/setup-go from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/469">golang-jwt/jwt#469</a></li> <li>Bump crate-ci/typos from 1.39.0 to 1.40.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/488">golang-jwt/jwt#488</a></li> <li>Bump actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/487">golang-jwt/jwt#487</a></li> <li>Bump crate-ci/typos from 1.40.0 to 1.41.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/490">golang-jwt/jwt#490</a></li> <li>Bump crate-ci/typos from 1.41.0 to 1.42.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golang-jwt/jwt/pull/492">golang-jwt/jwt#492</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/equalsgibson"><code>@equalsgibson</code></a> made their first contribution in <a href="https://redirect.github.com/golang-jwt/jwt/pull/458">golang-jwt/jwt#458</a></li> <li><a href="https://github.com/salrashid123"><code>@salrashid123</code></a> made their first contribution in <a href="https://redirect.github.com/golang-jwt/jwt/pull/473">golang-jwt/jwt#473</a></li> <li><a href="https://github.com/EgorSheff"><code>@EgorSheff</code></a> made their first contribution in <a href="https://redirect.github.com/golang-jwt/jwt/pull/417">golang-jwt/jwt#417</a></li> <li><a href="https://github.com/slickwilli"><code>@slickwilli</code></a> made their first contribution in <a href="https://redirect.github.com/golang-jwt/jwt/pull/414">golang-jwt/jwt#414</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/golang-jwt/jwt/compare/v5.3.0...v5.3.1">https://github.com/golang-jwt/jwt/compare/v5.3.0...v5.3.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang-jwt/jwt/commit/7ceae619e739dc8a7bf577214aa8ebf26668e9db"><code>7ceae61</code></a> Add release.yml for changelog configuration</li> <li><a href="https://github.com/golang-jwt/jwt/commit/dce8e4dddcc9dc812cdc0b9d2037512d0e4b3eb5"><code>dce8e4d</code></a> Set token.Signature in <code>ParseUnverified</code> (<a href="https://redirect.github.com/golang-jwt/jwt/issues/414">#414</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/8889e208aa5c3736e5f7a856107ee70c046b803e"><code>8889e20</code></a> Save signature to Token struct after successful signing (<a href="https://redirect.github.com/golang-jwt/jwt/issues/417">#417</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/d237f8204b397bc008b5b07c4e081beb4ec2a7b1"><code>d237f82</code></a> ci: update github-actions schedule interval to monthly</li> <li><a href="https://github.com/golang-jwt/jwt/commit/d8dce95a406fc435aa3d11c5073f2f31a9449116"><code>d8dce95</code></a> Bump crate-ci/typos from 1.41.0 to 1.42.1 (<a href="https://redirect.github.com/golang-jwt/jwt/issues/492">#492</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/e93180329eab078116176ff7dc4352760bc5f290"><code>e931803</code></a> Bump crate-ci/typos from 1.40.0 to 1.41.0 (<a href="https://redirect.github.com/golang-jwt/jwt/issues/490">#490</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/e6a0afa839d74787501369217245b52bfc75f30d"><code>e6a0afa</code></a> Bump actions/checkout from 5 to 6 (<a href="https://redirect.github.com/golang-jwt/jwt/issues/487">#487</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/9f85c9ec9f10fb6919d773cb8df07029639ec76e"><code>9f85c9e</code></a> Bump crate-ci/typos from 1.39.0 to 1.40.0 (<a href="https://redirect.github.com/golang-jwt/jwt/issues/488">#488</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/60a8669e0221aed55a6abfd9b5cd20472f0c6ebd"><code>60a8669</code></a> Bump actions/setup-go from 5 to 6 (<a href="https://redirect.github.com/golang-jwt/jwt/issues/469">#469</a>)</li> <li><a href="https://github.com/golang-jwt/jwt/commit/76f582896da76978896d59ced995d7967c33c434"><code>76f5828</code></a> Remove misleading ParserOptions documentation (<a href="https://redirect.github.com/golang-jwt/jwt/issues/484">#484</a>)</li> <li>Additional commits viewable in <a href="https://github.com/golang-jwt/jwt/compare/v5.3.0...v5.3.1">compare view</a></li> </ul> </details> <br /> Updates `github.com/moby/go-archive` from 0.1.0 to 0.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/moby/go-archive/releases">github.com/moby/go-archive's releases</a>.</em></p> <blockquote> <h2>v0.2.0</h2> <h2>What's Changed</h2> <ul> <li>remove aliases for deprecated types and functions <a href="https://redirect.github.com/moby/go-archive/pull/10">moby/go-archive#10</a></li> <li>chrootarchive: remove redundant "init" mitigation for CVE-2019-14271 <a href="https://redirect.github.com/moby/go-archive/pull/11">moby/go-archive#11</a></li> <li>xattr: Fix OS matching <a href="https://redirect.github.com/moby/go-archive/pull/20">moby/go-archive#20</a></li> <li>TestOverlayTarUntar: remove redundant cmpopts.EquateEmpty <a href="https://redirect.github.com/moby/go-archive/pull/9">moby/go-archive#9</a></li> <li>go.mod: bump github.com/klauspost/compress v1.18.2 <a href="https://redirect.github.com/moby/go-archive/pull/19">moby/go-archive#19</a></li> <li>gha: update actions <a href="https://redirect.github.com/moby/go-archive/pull/18">moby/go-archive#18</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/moby/go-archive/compare/v0.1.0...v0.2.0">https://github.com/moby/go-archive/compare/v0.1.0...v0.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moby/go-archive/commit/263611f5f0914b2a153d86dae2042d13be6a88c4"><code>263611f</code></a> Merge pull request <a href="https://redirect.github.com/moby/go-archive/issues/20">#20</a> from thaJeztah/carry_17</li> <li><a href="https://github.com/moby/go-archive/commit/a1d4e7339a9c9397397ff2e44fec921eaa6d0696"><code>a1d4e73</code></a> Merge pull request <a href="https://redirect.github.com/moby/go-archive/issues/18">#18</a> from thaJeztah/bump_gha</li> <li><a href="https://github.com/moby/go-archive/commit/da4e566157fb1abf573eba9681fbe6d669d0de94"><code>da4e566</code></a> xattr: Fix OS matching.</li> <li><a href="https://github.com/moby/go-archive/commit/df87f45519ff6de1e09d2e96635f0ce46f36eaf5"><code>df87f45</code></a> Merge pull request <a href="https://redirect.github.com/moby/go-archive/issues/19">#19</a> from thaJeztah/bump_deps</li> <li><a href="https://github.com/moby/go-archive/commit/8996f2289474369d496495cb1a1acdf53ea61d3e"><code>8996f22</code></a> gha: update CodeQL Action to v4</li> <li><a href="https://github.com/moby/go-archive/commit/985c60fe36bd91f1ed5a726e5f81c666e897ed8d"><code>985c60f</code></a> gha: codeql: use go stable</li> <li><a href="https://github.com/moby/go-archive/commit/4752b25568454c126b6631957c79816c73284d83"><code>4752b25</code></a> gha: update actions/setup-go@v6</li> <li><a href="https://github.com/moby/go-archive/commit/280f7750e2ac36dc63a035873453a47bb7cef237"><code>280f775</code></a> gha: update actions/checkout@v6</li> <li><a href="https://github.com/moby/go-archive/commit/4c912d344027f7d3376a008ceadfb25825d444a7"><code>4c912d3</code></a> gha: update golangci/golangci-lint-action@v9</li> <li><a href="https://github.com/moby/go-archive/commit/2cd730e76d8fe2792d272ffc2e696c7ec8b67e64"><code>2cd730e</code></a> go.mod: bump github.com/klauspost/compress v1.18.2</li> <li>Additional commits viewable in <a href="https://github.com/moby/go-archive/compare/v0.1.0...v0.2.0">compare view</a></li> </ul> </details> <br /> Updates `google.golang.org/protobuf` from 1.36.9 to 1.36.11 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

kerem added the

pull-request

label

2026-03-01 22:37:37 +03:00

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/act#2660

No description provided.

Rows
Columns