Skip to content

chore(deps): Bump the dependencies group with 3 updates#157

Merged
jmeridth merged 1 commit intomainfrom
dependabot/github_actions/dependencies-06a7f8e6f7
Apr 11, 2026
Merged

chore(deps): Bump the dependencies group with 3 updates#157
jmeridth merged 1 commit intomainfrom
dependabot/github_actions/dependencies-06a7f8e6f7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 11, 2026

Bumps the dependencies group with 3 updates: step-security/harden-runner, github-community-projects/contributors and super-linter/super-linter.

Updates step-security/harden-runner from 2.16.0 to 2.16.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.16.1

What's Changed

Enterprise tier: Added support for direct IP addresses in the allow list Community tier: Migrated Harden Runner telemetry to a new endpoint

Full Changelog: step-security/harden-runner@v2.16.0...v2.16.1

Commits

Updates github-community-projects/contributors from 2.0.4 to 2.0.7

Release notes

Sourced from github-community-projects/contributors's releases.

v2.0.7

Changelog

🐛 Bug Fixes

🧰 Maintenance

See details of all code changes since previous release

v2.0.6

Changelog

🧰 Maintenance

See details of all code changes since previous release

v2.0.5

Changelog

🐛 Bug Fixes

  • fix: prevent dev dependency downloads at runtime @​zkoppert (#434)
  • fix: update harden-runner action to v2.16.0 due to security issue @​jmeridth (#435)
  • fix: tighten workflow permissions, add security hardening, and fix uv tool invocations @​jmeridth (#431)

🧰 Maintenance

  • chore(deps): bump requests from 2.32.5 to 2.33.0 @dependabot[bot] (#438)
  • chore(deps): bump github-community-projects/contributors from 1.7.8 to 2.0.4 @dependabot[bot] (#437)
  • chore(deps): bump kenyonj/mark-ready-when-ready from 33b13c51ba23786efb933701ef253352baf05bdd to b6279addd55dd13208965a9eff24b2cf1989a8ef @dependabot[bot] (#436)
  • chore(deps): bump github/codeql-action from 3.32.6 to 4.32.6 @dependabot[bot] (#432)

See details of all code changes since previous release

Commits
  • 52a3496 chore(deps): bump cryptography from 46.0.6 to 46.0.7 (#451)
  • 725553e chore(deps): bump types-requests in the dependencies group (#450)
  • 8c63740 chore(deps): bump astral-sh/setup-uv from 7.3.1 to 8.0.0 (#449)
  • 50457a4 chore(deps): bump github/codeql-action in the dependencies group (#448)
  • 8452e4e fix: compare sponsor_info as bool instead of string (#446)
  • 3ba51bd chore(deps): bump requests from 2.33.0 to 2.33.1 (#444)
  • 866ac8e chore(deps): bump pytest-cov in the dependencies group (#443)
  • 7751e51 chore(deps): bump the dependencies group with 5 updates (#442)
  • 6255ce8 chore(deps): bump cryptography from 46.0.5 to 46.0.6 (#440)
  • 24fd00b chore(deps): bump requests from 2.32.5 to 2.33.0 (#438)
  • Additional commits viewable in compare view

Updates super-linter/super-linter from 8.5.0 to 8.6.0

Release notes

Sourced from super-linter/super-linter's releases.

v8.6.0

8.6.0 (2026-03-31)

🚀 Features

🐛 Bugfixes

⬆️ Dependency updates

  • bundler: bump rubocop in /dependencies in the rubocop group (#7514) (f2264d2)
  • bundler: bump rubocop in /dependencies in the rubocop group (#7604) (c929dc3)
  • bundler: bump rubocop in /dependencies in the rubocop group (#7662) (bfb2fd9)
  • bundler: bump rubocop-github in /dependencies in the rubocop group (#7640) (a88d75e)
  • bundler: bump the rubocop group across 1 directory with 2 updates (#7565) (56ae6b3)
  • docker: bump python in the docker-base-images group (#7319) (717c087)
  • docker: bump the docker group across 1 directory with 4 updates (#7698) (11c750e)
  • docker: bump the docker group across 1 directory with 5 updates (#7615) (d7e1bd8)
  • docker: bump the docker group across 1 directory with 6 updates (#7566) (0f9cf19)
  • docker: bump the docker group across 1 directory with 6 updates (#7631) (ad7f508)
  • docker: bump the docker group across 1 directory with 9 updates (#7513) (89e3725)
  • docker: bump the docker group with 2 updates (#7577) (8b2f0c0)
  • docker: bump the docker group with 2 updates (#7641) (7293e37)
  • docker: bump the docker group with 2 updates (#7663) (eabfa25)
  • java: bump com.puppycrawl.tools:checkstyle (#7689) (4c66d9d)
  • java: bump the java-gradle group across 2 directories with 2 updates (#7581) (51af5a0)
  • npm: bump ajv from 6.12.6 to 6.14.0 in /dependencies (#7550) (7f00eb7)
  • npm: bump axios from 1.12.2 to 1.13.5 in /dependencies (#7510) (a891169)
  • npm: bump brace-expansion from 1.1.12 to 1.1.13 in /dependencies (#7685) (92c4cea)
  • npm: bump express-rate-limit from 8.2.1 to 8.3.0 in /dependencies (#7613) (c184a25)
  • npm: bump flatted from 3.3.3 to 3.4.1 in /dependencies (#7636) (013d8a7)
  • npm: bump hono from 4.11.7 to 4.12.2 in /dependencies (#7559) (5c3679f)
  • npm: bump hono from 4.12.5 to 4.12.7 in /dependencies (#7624) (c31d9ad)
  • npm: bump markdown-it and renovate in /dependencies (#7529) (9b794c2)
  • npm: bump path-to-regexp from 8.3.0 to 8.4.0 in /dependencies (#7687) (309fb55)
  • npm: bump picomatch in /dependencies (#7675) (df4f15e)
  • npm: bump qs from 6.14.1 to 6.14.2 in /dependencies (#7520) (a9e6534)
  • npm: bump renovate (#7699) (b91627f)
  • npm: bump renovate from 43.4.0 to 43.4.4 in /dependencies (#7524) (2ab5b9c)
  • npm: bump smol-toml from 1.6.0 to 1.6.1 in /dependencies (#7676) (d015498)
  • npm: bump the npm group across 1 directory with 15 updates (#7595) (58ee821)
  • npm: bump the npm group across 1 directory with 2 updates (#7623) (ddb4fbb)

... (truncated)

Changelog

Sourced from super-linter/super-linter's changelog.

Changelog

8.6.0 (2026-03-31)

🚀 Features

🐛 Bugfixes

⬆️ Dependency updates

  • bundler: bump rubocop in /dependencies in the rubocop group (#7514) (f2264d2)
  • bundler: bump rubocop in /dependencies in the rubocop group (#7604) (c929dc3)
  • bundler: bump rubocop in /dependencies in the rubocop group (#7662) (bfb2fd9)
  • bundler: bump rubocop-github in /dependencies in the rubocop group (#7640) (a88d75e)
  • bundler: bump the rubocop group across 1 directory with 2 updates (#7565) (56ae6b3)
  • docker: bump python in the docker-base-images group (#7319) (717c087)
  • docker: bump the docker group across 1 directory with 4 updates (#7698) (11c750e)
  • docker: bump the docker group across 1 directory with 5 updates (#7615) (d7e1bd8)
  • docker: bump the docker group across 1 directory with 6 updates (#7566) (0f9cf19)
  • docker: bump the docker group across 1 directory with 6 updates (#7631) (ad7f508)
  • docker: bump the docker group across 1 directory with 9 updates (#7513) (89e3725)
  • docker: bump the docker group with 2 updates (#7577) (8b2f0c0)
  • docker: bump the docker group with 2 updates (#7641) (7293e37)
  • docker: bump the docker group with 2 updates (#7663) (eabfa25)
  • java: bump com.puppycrawl.tools:checkstyle (#7689) (4c66d9d)
  • java: bump the java-gradle group across 2 directories with 2 updates (#7581) (51af5a0)
  • npm: bump ajv from 6.12.6 to 6.14.0 in /dependencies (#7550) (7f00eb7)
  • npm: bump axios from 1.12.2 to 1.13.5 in /dependencies (#7510) (a891169)
  • npm: bump brace-expansion from 1.1.12 to 1.1.13 in /dependencies (#7685) (92c4cea)
  • npm: bump express-rate-limit from 8.2.1 to 8.3.0 in /dependencies (#7613) (c184a25)
  • npm: bump flatted from 3.3.3 to 3.4.1 in /dependencies (#7636) (013d8a7)
  • npm: bump hono from 4.11.7 to 4.12.2 in /dependencies (#7559) (5c3679f)
  • npm: bump hono from 4.12.5 to 4.12.7 in /dependencies (#7624) (c31d9ad)
  • npm: bump markdown-it and renovate in /dependencies (#7529) (9b794c2)
  • npm: bump path-to-regexp from 8.3.0 to 8.4.0 in /dependencies (#7687) (309fb55)
  • npm: bump picomatch in /dependencies (#7675) (df4f15e)
  • npm: bump qs from 6.14.1 to 6.14.2 in /dependencies (#7520) (a9e6534)
  • npm: bump renovate (#7699) (b91627f)
  • npm: bump renovate from 43.4.0 to 43.4.4 in /dependencies (#7524) (2ab5b9c)
  • npm: bump smol-toml from 1.6.0 to 1.6.1 in /dependencies (#7676) (d015498)
  • npm: bump the npm group across 1 directory with 15 updates (#7595) (58ee821)

... (truncated)

Commits
  • 9e86335 chore(main): release 8.6.0 (#7512)
  • b91627f deps(npm): bump renovate (#7699)
  • 11c750e deps(docker): bump the docker group across 1 directory with 4 updates (#7698)
  • 4c66d9d deps(java): bump com.puppycrawl.tools:checkstyle (#7689)
  • cb17f60 deps(python): bump the pip group across 1 directory with 5 updates (#7684)
  • 6a65d3a feat: improve zsh scripts support (#7674)
  • eb8ddc7 chore: update ruby and npm deps (#7694)
  • db85efc deps(npm): bump the npm group across 1 directory with 9 updates (#7690)
  • c5ec78d ci(dev-npm): bump the npm_and_yarn group across 1 directory with 1 update (#7...
  • f35a407 ci(dev-docker): bump node in /dev-dependencies (#7678)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): Bump the dependencies group with 3 updates
3cf2780 
Bumps the dependencies group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [github-community-projects/contributors](https://github.com/github-community-projects/contributors) and [super-linter/super-linter](https://github.com/super-linter/super-linter).


Updates `step-security/harden-runner` from 2.16.0 to 2.16.1
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@fa2e9d6...f808768)

Updates `github-community-projects/contributors` from 2.0.4 to 2.0.7
- [Release notes](https://github.com/github-community-projects/contributors/releases)
- [Commits](github-community-projects/contributors@08ba119...52a3496)

Updates `super-linter/super-linter` from 8.5.0 to 8.6.0
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](super-linter/super-linter@61abc07...9e86335)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.16.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github-community-projects/contributors
  dependency-version: 2.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: super-linter/super-linter
  dependency-version: 8.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 11, 2026
@dependabot dependabot bot requested review from jmeridth and zkoppert as code owners April 11, 2026 10:05
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 11, 2026
@jmeridth jmeridth merged commit 2f0e2de into main Apr 11, 2026
41 checks passed
@jmeridth jmeridth deleted the dependabot/github_actions/dependencies-06a7f8e6f7 branch April 11, 2026 11:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmeridth jmeridth jmeridth approved these changes

@zkoppert zkoppert Awaiting requested review from zkoppert zkoppert is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code maintenance

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jmeridth