[ci](deps): Bump the github-actions group with 14 updates

[dependabot]

Bumps the github-actions group with 14 updates:

Package	From	To
step-security/harden-runner	2.14.0	2.14.1
actions/checkout	6.0.1	6.0.2
actions/setup-node	6.1.0	6.2.0
actions/cache	5.0.1	5.0.3
github/codeql-action	4.31.9	4.32.0
oxsecurity/megalinter	9.2.0	9.3.0
google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml	2.3.1	2.3.2
google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml	2.3.1	2.3.2
peter-evans/create-pull-request	8.0.0	8.1.0
rojopolis/spellcheck-github-actions	0.56.0	0.58.0
actions/ai-inference	2.0.4	2.0.5
super-linter/super-linter	8.3.2	8.4.0
trufflesecurity/trufflehog	3.92.4	3.92.5
crate-ci/typos	1.41.0	1.42.3

Updates step-security/harden-runner from 2.14.0 to 2.14.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.14.1

What's Changed

1. In some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers.

2. Fixed npm audit vulnerabilities

Full Changelog: step-security/harden-runner@v2.14.0...v2.14.1

Commits

• e3f713f Merge pull request #631 from step-security/rc-31
• 423acdd chore: fix npm audit vulnerabilities
• 0ddb86c update agent
• See full diff in compare view

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @​TingluoHuang in actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• See full diff in compare view

Updates actions/setup-node from 6.1.0 to 6.2.0

Release notes

Sourced from actions/setup-node's releases.

v6.2.0

What's Changed

Documentation

• Documentation update related to absence of Lockfile by @​mahabaleshwars in actions/setup-node#1454
• Correct mirror option typos by @​MikeMcC399 in actions/setup-node#1442
• Readme update on checkout version v6 by @​deining in actions/setup-node#1446
• Readme typo fixes @​munyari in actions/setup-node#1226
• Advanced document update on checkout version v6 by @​aparnajyothi-y in actions/setup-node#1468

Dependency updates:

• Upgrade @​actions/cache to v5.0.1 by @​salmanmkc in actions/setup-node#1449

New Contributors

• @​mahabaleshwars made their first contribution in actions/setup-node#1454
• @​MikeMcC399 made their first contribution in actions/setup-node#1442
• @​deining made their first contribution in actions/setup-node#1446
• @​munyari made their first contribution in actions/setup-node#1226

Full Changelog: actions/setup-node@v6...v6.2.0

Commits

• 6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
• 8e49463 Fix README typo (#1226)
• 621ac41 README.md: bump to latest released checkout version v6 (#1446)
• 2951748 Bump @​actions/cache to v5.0.1 (#1449)
• 21ddc7b Correct mirror option typos (#1442)
• 65d868f Update Documentation for Lockfile (#1454)
• See full diff in compare view

Updates actions/cache from 5.0.1 to 5.0.3

Release notes

Sourced from actions/cache's releases.

v5.0.3

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v.5.0.2

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

• Bump @actions/cache to v5.0.3 #1692

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/[email protected] #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

• Bump @actions/cache to v4.1.0

... (truncated)

Commits

• cdf6c1f Merge pull request #1695 from actions/Link-/prepare-5.0.3
• a1bee22 Add review for the @​actions/http-client license
• 4695763 Add licensed output
• dc73bb9 Upgrade dependencies and address security warnings
• 345d5c2 Add 5.0.3 builds
• 8b402f5 Merge pull request #1692 from GhadimiR/main
• 304ab5a license for httpclient
• 609fc19 Update licensed record for cache
• b22231e Build
• 93150cd Add PR link to releases
• Additional commits viewable in compare view

Updates github/codeql-action from 4.31.9 to 4.32.0

Release notes

Sourced from github/codeql-action's releases.

v4.32.0

• Update default CodeQL bundle version to 2.24.0. #3425

v4.31.11

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
• Improved error handling throughout the CodeQL Action. #3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

v4.31.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.10 - 12 Jan 2026

• Update default CodeQL bundle version to 2.23.9. #3393

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.32.0 - 26 Jan 2026

• Update default CodeQL bundle version to 2.24.0. #3425

4.31.11 - 23 Jan 2026

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
• Improved error handling throughout the CodeQL Action. #3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

4.31.10 - 12 Jan 2026

• Update default CodeQL bundle version to 2.23.9. #3393

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.

... (truncated)

Commits

• b20883b Merge pull request #3428 from github/update-v4.32.0-e3b8227a2
• c9aa45d Update changelog for v4.32.0
• e3b8227 Merge pull request #3427 from github/henrymercer/bump-for-new-minor-series
• 8a01181 Compare minor version number
• 80e1425 Bump minor version for CLI v2.24.0
• b748848 Bump the Action minor version number on new CodeQL minor version series
• 5e767ef Merge pull request #3425 from github/update-bundle/codeql-bundle-v2.24.0
• 9752869 Add changelog note
• c62c214 Update default bundle to codeql-bundle-v2.24.0
• 25a224b Merge pull request #3423 from github/mbg/ci/yq-windows
• Additional commits viewable in compare view

Updates oxsecurity/megalinter from 9.2.0 to 9.3.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.3.0

What's Changed

• Core

  • Add enum name support in MegaLinter config Json schema for better autocompletion in editors
  • Update base image to python:3.13-alpine3.23

• New linters

  • Add codespell
  • Add kingfisher by @​bdovaz
  • Add rumdl by @​bdovaz

• Linters enhancements

  • Change checkmake Docker image reference by @​bdovaz

• Reporters

  • Handle multiple MegaLinter runs on the same repo using custom value sent in variable MEGALINTER_MULTIRUN_KEY
  • Allow to override url to CI build in Git based reporters using REPORTERS_ACTION_RUN_URL variable
  • Fix sections display in Gitlab console logs

• Doc

  • Classify all JSON schema config variables by category and section

• CI

  • Free disk space on GitHub actions runner when releasing a new flavor
  • Add missing Dockerfile patterns to Renovate Dockerfile manager
  • Remove gitpod custom image, workflow, and makefile targets

• Linter versions upgrades (54)

  • actionlint from 1.7.9 to 1.7.10
  • ansible-lint from 25.11.1 to 25.12.2
  • bash-exec from 5.2.37 to 5.3.3
  • black from 25.11.0 to 25.12.0
  • cfn-lint from 1.41.0 to 1.43.1
  • checkov from 3.2.495 to 3.2.497
  • clang-format from 20.1.8 to 21.1.2
  • clippy from 0.1.91 to 0.1.92
  • clj-kondo from 2025.10.23 to 2025.12.23
  • code-analyzer-apex from 5.6.1 to 5.7.1
  • code-analyzer-aura from 5.6.1 to 5.7.1
  • code-analyzer-lwc from 5.6.1 to 5.7.1
  • cppcheck from 2.14.2 to 2.18.3
  • csharpier from 1.2.1 to 1.2.5
  • cspell from 9.3.2 to 9.4.0
  • dartanalyzer from 3.8.3 to 3.10.7
  • dotnet-format from 9.0.111 to 9.0.112
  • git_diff from 2.49.1 to 2.52.0
  • golangci-lint from 2.6.2 to 2.7.2
  • grype from 0.104.1 to 0.104.3
  • helm from 3.18.4 to 3.19.0

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

• Core

  • Improve files browsing performances
  • Optimize parallel linter processing and improve grouping logic
  • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
  • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances

• New linters

• Disabled linters

  • LUA_SELENE: Kampfkarren/selene#662

• Deprecated linters

• Removed linters

• Media

• Linters enhancements

  • Use the official checkmake image by @​bdovaz
  • Add sarif support to spectral by @​bdovaz

• Fixes

  • Add support for SSH remote origins when building custom flavors (fixes: #6511)
  • Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
  • Fix wrong tagging apply_fixes=True when linter has no fix options configured
  • Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904

• Reporters

  • Add a link inviting to star MegaLinter
  • Display in the console reporter the working directory from which the commands are executed by @​bdovaz
  • Update WebHook reporter so it can send more events for a better integration with UI
  • When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)

• Doc

  • JSON Schema: add default values for file extensions and file names variables + improve descriptions
  • Update default secured env variables documentation

• Flavors

• CI

... (truncated)

Commits

• 42bb470 Release MegaLinter v9.3.0
• fe74938 changelog
• edb083a [automation] Auto-update linters version, help and documentation (#6889)
• 824240c JSON Schema fix (#6888)
• 9af8d5b chore(deps): update dependency npm-package-json-lint to v9.1.0 (#6883)
• 781c95c [automation] Auto-update linters version, help and documentation (#6885)
• 101b802 JSON Schema (#6887)
• 3ab7a93 chore(deps): update dependency friendsofphp/php-cs-fixer to v3.92.4 (#6886)
• 12f7c03 chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.9.21 (#6882)
• 91a9dfb chore(deps): update dependency sfdx-hardis to v6.20.0 (#6884)
• Additional commits viewable in compare view

Updates google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml from 2.3.1 to 2.3.2

Release notes

Sourced from google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml's releases.

v2.3.2

This updates OSV-Scanner to v2.3.2

This release includes performance improvements for local scanning, reducing memory usage and avoiding unnecessary advisory loading. It also fixes issues with MCP's get_vulnerability_details tool, git queries in osv-scanner.json, and ignore entry tracking, along with documentation updates.

Fixes:

• [Bug #2415](google/osv-scanner#2415) Add more PURL-to-ecosystem mappings
• [Bug #2422](google/osv-scanner#2422) MCP error for get_vulnerability_id because type definition is incorrect.
• [Bug #2460](google/osv-scanner#2460) Enable osv-scanner.json git queries
• [Bug #2456](google/osv-scanner#2456) Properly track if an ignore entry has been used
• [Bug #2450](google/osv-scanner#2450) Performance: Avoid loading the entire advisory unless it will actually be used
• [Bug #2445](google/osv-scanner#2445) Performance: Don't read the entire zip into memory
• [Bug #2433](google/osv-scanner#2433) Allow specifying user agent in v2 osvscanner package

Misc:

• [Misc #2453](google/osv-scanner#2453) Switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3
• [Misc #2447](google/osv-scanner#2447) Include bun.lock as a supported lockfile
• [Misc #2444](google/osv-scanner#2444) Document GoVersionOverride in configuration.md

Full Changelog: google/osv-scanner@v2.3.1...v2.3.2

Commits

• 2a387ed Merge pull request #116 from google/update-to-v2.3.2
• f75042f Update unified workflow example to point to v2.3.2 reusable workflows
• 17ad728 Update reusable workflows to point to v2.3.2 actions
• 9eebeae "Update actions to use v2.3.2 osv-scanner image"
• dcf7b89 Merge pull request #114 from renovate-bot/renovate/major-workflows
• 6bcc4fa Merge pull request #113 from renovate-bot/renovate/workflows
• 70f7395 chore(deps): update github/codeql-action action to v4.31.9
• 7c3c2a7 chore(deps): update workflows
• a239d86 Merge pull request #109 from renovate-bot/renovate/major-workflows
• 5345c88 chore(deps): update actions/checkout action to v6
• See full diff in compare view

Updates google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml from 2.3.1 to 2.3.2

Release notes

Sourced from google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml's releases.

v2.3.2

This updates OSV-Scanner to v2.3.2

This release includes performance improvements for local scanning, reducing memory usage and avoiding unnecessary advisory loading. It also fixes issues with MCP's get_vulnerability_details tool, git queries in osv-scanner.json, and ignore entry tracking, along with documentation updates.

Fixes:

• [Bug #2415](google/osv-scanner#2415) Add more PURL-to-ecosystem mappings
• [Bug #2422](google/osv-scanner#2422) MCP error for get_vulnerability_id because type definition is incorrect.
• [Bug #2460](google/osv-scanner#2460) Enable osv-scanner.json git queries
• [Bug #2456](google/osv-scanner#2456) Properly track if an ignore entry has been used
• [Bug #2450](google/osv-scanner#2450) Performance: Avoid loading the entire advisory unless it will actually be used
• [Bug #2445](google/osv-scanner#2445) Performance: Don't read the entire zip into memory
• [Bug #2433](google/osv-scanner#2433) Allow specifying user agent in v2 osvscanner package

Misc:

• [Misc #2453](google/osv-scanner#2453) Switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3
• [Misc #2447](google/osv-scanner#2447) Include bun.lock as a supported lockfile
• [Misc #2444](google/osv-scanner#2444) Document GoVersionOverride in configuration.md

Full Changelog: google/osv-scanner@v2.3.1...v2.3.2

Commits

• 2a387ed Merge pull request #116 from google/update-to-v2.3.2
• f75042f Update unified workflow example to point to v2.3.2 reusable workflows
• 17ad728 Update reusable workflows to point to v2.3.2 actions
• 9eebeae "Update actions to use v2.3.2 osv-scanner image"
• dcf7b89 Merge pull request #114 from renovate-bot/renovate/major-workflows
• 6bcc4fa Merge pull request #113 from renovate-bot/renovate/workflows
• 70f7395 chore(deps): update github/codeql-action action to v4.31.9
• 7c3c2a7 chore(deps): update workflows
• a239d86 Merge pull request #109 from renovate-bot/renovate/major-workflows
• 5345c88 chore(deps): update actions/checkout action to v6
• See full diff in compare view

Updates peter-evans/create-pull-request from 8.0.0 to 8.1.0

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v8.1.0

What's Changed

• README.md: bump given GitHub actions to their latest versions by @​deining in peter-evans/create-pull-request#4265
• build(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4273
• build(deps-dev): bump the npm group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4274
• build(deps-dev): bump undici from 6.22.0 to 6.23.0 by @​dependabot[bot] in peter-evans/create-pull-request#4284
• Update distribution by @​actions-bot in peter-evans/create-pull-request#4289
• fix: Handle remote prune failures gracefully on self-hosted runners by @​peter-evans in peter-evans/create-pull-request#4295
• feat: add @​octokit/plugin-retry to handle retriable server errors by @​peter-evans in peter-evans/create-pull-request#4298

New Contributors

• @​deining made their first contribution in peter-evans/create-pull-request#4265

Full Changelog: peter-evans/create-pull-request@v8.0.0...v8.1.0

Commits

• c0f553f feat: add @​octokit/plugin-retry to handle retriable server errors (#4298)
• 7000124 fix: Handle remote prune failures gracefully (#4295)
• 34aa40e build: update distribution (#4289)
• 641099d build(deps-dev): bump undici from 6.22.0 to 6.23.0 (#4284)
• 2271f1d build(deps-dev): bump the npm group with 2 updates (#4274)
• 437c31a build(deps): bump the github-actions group with 2 updates (#4273)
• 0979079 docs: update readme
• 5b751cd README.md: bump given GitHub actions to their latest versions (#4265)
• See full diff in compare view

Updates rojopolis/spellcheck-github-actions from 0.56.0 to 0.58.0

Release notes

Sourced from rojopolis/spellcheck-github-actions's releases.

0.58.0

What's Changed

• Security patch for dependency pymdown-extensions by @​jonasbn in rojopolis/spellcheck-github-actions#313
• Bump rojopolis/spellcheck-github-actions from 0.56.0 to 0.57.0 by @​dependabot[bot] in rojopolis/spellcheck-github-actions#315

Full Changelog: rojopolis/spellcheck-github-actions@0.57.0...0.58.0

0.57.0

What's Changed

• Bump rojopolis/spellcheck-github-actions from 0.55.0 to 0.56.0 by @​dependabot[bot] in rojopolis/spellcheck-github-actions#309
• Bump python from 2751cbe to 3955a7d by @​dependabot[bot] in rojopolis/spellcheck-github-actions#310
• Updated base image, version intact. Maintenance release, update not required by @​jonasbn in rojopolis/spellcheck-github-actions#311

Full Changelog: rojopolis/spellcheck-github-actions@0.56.0...0.57.0

Changelog

Sourced from rojopolis/spellcheck-github-actions's changelog.

Change Log for spellcheck-github-actions

0.58.0, 2026-01-20, security release, update not required

• A minor security issue in the dependency: pymdown-extensions, which is used by the core component PySpelling
  • GHSA-r6h4-mm7h-8pmq
  • Original issue: facelessuser/pymdown-extensions#2716

0.57.0, 2026-01-14, maintenance release, update not required

• Docker based image updated to Python 3.14.2 slim trixie via PR #310 from Dependabot. The version is the same, the image has had updates.

0.56.0, 2025-12-27, feature and maintenance release, update not required

• Support for Portuguese (Portugal and Brazil) for both Hunspell and Aspell, requested by: @​mdiazgoncalves via issue #298
• Docker image updated to Python 3.14.2 trixie slim Release notes for Python 3.14.2

0.55.0, 2025-11-27, maintenance release, update not required

• Via an issue #293 from @​shoverbj, an update to the core component PySpelling from version 2.12.0 to version 2.12.1 was made, this allows for use of large dictionaries with Aspell

0.54.0, 2025-11-05, feature release, update not required

• PySpelling the core component has been updated to version 2.12.0, which introduces support for maximum available cores. The feature is described in the release notes for PySpelling 2.12.0. See the documentation for PySpelling.

• The flag was introduced with release 2.10 of PySpelling, which was adopted in release 0.36.0 of this action.

0.53.0, 2025-10-25, maintenance release, update not required

• Docker image updated to Python 3.14.0 trixie slim Release notes for Python 3.14.0, this originated from the PR mentioned below, however updated to Trixie from Bookworm and as always the slim variant is used

• Bumped the requirement for cython to 3.0.11 or above, addressing a build issue with lxml, located when testing the PR : #274 from @​dependabot, the above update of Python

• In general the Docker build file had a few updates since the above changes required some tweaking of the Dockerfile

  • Order of installation of dependencies adjusted to ensure that lxml can build correctly
  • Installation of:
    • build-essential
    • pkg-config
    • libxml2-dev
    • libxslt1-dev
    • zlib1g-dev

0.52.0, 2025-09-10, feature release, update not required

• With version 2.11 of PySpelling a new command line option --skip-dict-compile is introduced to PySpelling and is adopted by this action. This will skip the dictionary compiling step if the dictionary already exists. Changes to a custom dictionary will be ignored., see the release notes for PySpelling. Do see the updated documentation for details.

  • The feature can be enabled by setting the input parameter skip_dict_compile to true, the default is false, meaning that the dictionary will be compiled on each run of the action.
  • This can save time if you have a large custom dictionary that does not change often.

• Docker image updated to Python 3.13.7 bookworm slim Release notes for Python 3.13.7

... (truncated)

Commits

• 0bf4b2f Bumped release date
• d2bf0b0 Bump rojopolis/spellcheck-github-actions from 0.56.0 to 0.57.0 (#315)
• 247484a Fixed some spelling, URLs should possibly be treated as code
• 8c73a77 Security patch for dependency pymdown-extensions (#313)
• 2b78e36 Merge pull request #311 from rojopolis/release_candidate-0.57.0
• ae438aa Updated base image, version intact. Maintenance release, update not required
• ed2239b Merge pull request #310 from rojopolis/dependabot/docker/python-3955a7d
• 975de5b Bump python from 2751cbe to 3955a7d
• 5d3ca52 Bump rojopolis/spellcheck-github-actions from 0.55.0 to 0.56.0 (#309)
• See full diff in compare view

Updates actions/ai-inference from 2.0.4 to 2.0.5

Release notes

Sourced from actions/ai-inference's releases.

v2.0.5

What's Changed

• chore(deps): bump glob from 10.4.5 to 10.5.0 by @​dependabot[bot] in actions/ai-inference#146
• chore(deps): bump qs from 6.14.0 to 6.14.1 by @​dependabot[bot] in actions/ai-inference#157
• chore(deps-dev): bump vite from 7.0.6 to 7.1.11 by @​dependabot[bot] in actions/ai-inference#135
• chore(deps): bump @​rollup/rollup-linux-x64-gnu from 4.46.0 to 4.52.5 by @​dependabot[bot] in actions/ai-inference#132
• chore(deps): bump @​modelcontextprotocol/sdk from 1.15.1 to 1.24.0 by @​dependabot[bot] in actions/ai-inference#153
• chore(deps): bump js-yaml from 4.1.0 to 4.1.1 by @​dependabot[bot] in actions/ai-inference#144
• chore(deps): bump body-parser from 2.2.0 to 2.2.1 by @​dependabot[bot] in actions/ai-inference#149
• chore(deps): bump @​modelcontextprotocol/sdk from 1.24.0 to 1.25.2 by @​dependabot[bot] in actions/ai-inference#158
• chore(deps): bump express from 5.1.0 to 5.2.1 by @​dependabot[bot] in actions/ai-inference#152
• Add Missing Languages to CodeQL Advanced Configuration by @​KyFaSt in actions/ai-inference#51
• Add custom headers support for API Management integration by @​yg1996 in actions/ai-inference#163

New Contributors

• @​KyFaSt made their first contribution in actions/ai-inference#51
• @​yg1996 made their first contribution in actions/ai-inference#163

Full Changelog: actions/ai-inference@v2...v2.0.5

Commits

• a6101c8 Merge pull request #163 from yg1996/add-custom-headers-support
• 15ae50a Add CRLF injection protection for header values
• f773800 Update src/helpers.ts
• 6402ff8 Update README.md
• c760995 Remove redundant feature documentation file
• ce720b3 Fix header validation per RFC 7230 and add null check

[Nick2bad4u]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.