Compare commits

...

11 Commits

Author SHA1 Message Date
dependabot[bot] c67237f6a7 chore(deps-dev): Bump @vitejs/plugin-react in the react group
Bumps the react group with 1 update: [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react).


Updates `@vitejs/plugin-react` from 5.2.0 to 6.0.3
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.3/packages/plugin-react)

---
updated-dependencies:
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: react
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-08 13:43:26 +00:00
dependabot[bot] a87a4d8df8 chore(deps-dev): Bump i18next-cli from 1.53.2 to 1.65.0 (#1979)
Bumps [i18next-cli](https://github.com/i18next/i18next-cli) from 1.53.2
to 1.65.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/i18next-cli/blob/main/CHANGELOG.md">i18next-cli's
changelog</a>.</em></p>
<blockquote>
<h2>1.65.0</h2>
<ul>
<li>fix(extract): respect <code>fallbackNS</code> — keys already
translated in a fallback
namespace are no longer duplicated into the requesting namespace's file
(<a
href="https://redirect.github.com/i18next/i18next-cli/issues/272">#272</a>).
<ul>
<li>Such keys are now attributed to the fallback namespace instead, so
<code>removeUnusedKeys</code> no longer prunes them from the fallback
file (previously
a key like <code>cancel</code> living only in the fallback namespace was
<strong>deleted</strong>
there and re-created in every namespace that used it).</li>
<li>A key that already has a non-empty value in the requesting
namespace's own
file is treated as an intentional per-namespace override and keeps being
extracted there, mirroring the i18next runtime lookup order (requested
namespace first, then the fallback chain). Empty-string placeholders
left
behind by previous extract runs are cleaned up.</li>
<li>Keys not found in any fallback namespace are still added to the
requesting
namespace, like the i18next <code>saveMissing</code> behavior.</li>
</ul>
</li>
<li>feat(extract): <code>fallbackNS</code> now also accepts an array of
namespaces (looked
up in order, like the i18next runtime option) — supported by
<code>extract</code>,
<code>status</code>, and the TypeScript types generator.</li>
</ul>
<h2>1.64.2</h2>
<ul>
<li>fix(status): scope the pass/fail result to the requested locale
(<a
href="https://redirect.github.com/i18next/i18next-cli/issues/271">#271</a>).
<ul>
<li><code>status &lt;locale&gt;</code> now exits based on <strong>that
locale only</strong>, instead of always
evaluating every secondary language. Previously, running e.g.
<code>status en-AU</code> on a fully-translated primary could print
&quot;🎉 All keys
present&quot; and still exit <code>1</code> because an unrelated
secondary (e.g. an empty
<code>de-DE</code>) was incomplete — a summary that contradicted the
exit code.</li>
<li>When the requested locale is the primary, the check still fails only
on
<em>absent</em> keys (empty placeholders are tolerated); for a secondary
it fails
on any untranslated/absent key. The global view (<code>status</code>
with no locale)
is unchanged.</li>
<li>The failure message now names the locale when scoped
(<code>Error: Incomplete translations detected for
&quot;de-DE&quot;.</code>) so the reason is
no longer hidden.</li>
</ul>
</li>
</ul>
<h2>1.64.1</h2>
<ul>
<li>fix(status): align plural reporting with the i18next runtime
(<a
href="https://redirect.github.com/i18next/i18next-cli/issues/270">#270</a>).
<ul>
<li>Plural categories that <code>Intl.PluralRules</code> only selects
for out-of-range
values (e.g. French <code>_many</code>, which fires only for counts ≥
1,000,000) are
now treated as <strong>optional</strong>: a missing or empty variant is
shown as a soft
&quot;optional plural form&quot; note instead of a hard &quot;missing
key&quot; error, so it no
longer fails the check. Categories reachable by typical counts
(including
decimals, e.g. Polish/Russian <code>other</code>) remain required.</li>
<li>With <code>disablePlurals: true</code>, a key used with
<code>count</code> is now considered
satisfied when either its plural variants
(<code>_one</code>/<code>_other</code>) <strong>or</strong> the bare
key exist — mirroring the runtime's <code>key + suffix → key</code>
resolution chain —</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/i18next/i18next-cli/commit/9497126db21489514db6c2d181ccb667af977281"><code>9497126</code></a>
1.65.0</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/cebfb66b646ce72d93f888c8438082698f35af6c"><code>cebfb66</code></a>
fix(extract): respect fallbackNS and stop duplicating keys into
namespace fil...</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/4af3b5b767ba144773419d13d045240ebace36d0"><code>4af3b5b</code></a>
1.64.2</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/59e5c157b8e6263a7686aa83189169eef4947230"><code>59e5c15</code></a>
fix(status): scope pass/fail to the requested locale <a
href="https://redirect.github.com/i18next/i18next-cli/issues/271">#271</a></li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/58e96acf4d779a60dd49555cfbe7125d370918dd"><code>58e96ac</code></a>
1.64.1</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/90fb64de7c9973cc2bb93074489a114b3c214a43"><code>90fb64d</code></a>
fix(status): align plural reporting with the i18next runtime <a
href="https://redirect.github.com/i18next/i18next-cli/issues/270">#270</a></li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/4f32c051a6b330e5480bea9c5f1e06bfc057b016"><code>4f32c05</code></a>
1.64.0</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/9ab66af4796228060d05bda6de5ff7dea92e9c89"><code>9ab66af</code></a>
feat(extract): support trailing wildcards in functions (e.g.
'tProps.*')</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/3f40d0b904b01546fe86ae14d2e6f54b39ccba78"><code>3f40d0b</code></a>
1.63.1</li>
<li><a
href="https://github.com/i18next/i18next-cli/commit/eac231da589c9690a3bcc1aaf05f10572ae395cb"><code>eac231d</code></a>
fix(init): pin <code>@​inlang/plugin-i18next</code><a
href="https://github.com/6"><code>@​6</code></a>.2.1 (restores Sherlock
annotations)</li>
<li>Additional commits viewable in <a
href="https://github.com/i18next/i18next-cli/compare/v1.53.2...v1.65.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-07 20:46:33 +00:00
dependabot[bot] 89d583715f chore(deps): Bump the react group across 1 directory with 7 updates (#1976)
Bumps the react group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) |
`19.2.4` | `19.2.7` |
|
[@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)
| `19.2.14` | `19.2.17` |
|
[react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom)
| `19.2.4` | `19.2.7` |
| [react-i18next](https://github.com/i18next/react-i18next) | `17.0.7` |
`17.0.8` |
| [react-icons](https://github.com/react-icons/react-icons) | `5.6.0` |
`5.7.0` |
|
[@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react)
| `5.1.4` | `6.0.3` |
|
[eslint-plugin-react-refresh](https://github.com/ArnaudBarre/eslint-plugin-react-refresh)
| `0.5.2` | `0.5.3` |


Updates `react` from 19.2.4 to 19.2.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">react's
releases</a>.</em></p>
<blockquote>
<h2>19.2.7 (June 1st, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Fixed missing <code>FormData</code> entries in Server Actions which
regressed in 19.2.6
(<a
href="https://redirect.github.com/facebook/react/pull/36566">#36566</a>
by <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
<h2>19.2.6 (May 6th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Type hardening and performance improvements
(<a
href="https://redirect.github.com/facebook/react/pull/36425">#36425</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
<h2>19.2.5 (April 8th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add more cycle protections (<a
href="https://redirect.github.com/facebook/react/pull/36236">#36236</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/react/react/blob/main/CHANGELOG.md">react's
changelog</a>.</em></p>
<blockquote>
<h2>19.2.7 (June 1, 2026)</h2>
<h3>React Server Components</h3>
<ul>
<li>Fixed missing <code>FormData</code> entries in Server Actions which
regressed in 19.2.6 (<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a> <a
href="https://redirect.github.com/facebook/react/pull/36566">#36566</a>)</li>
</ul>
<h2>19.2.6 (May 6, 2026)</h2>
<h3>React Server Components</h3>
<ul>
<li>Type hardening and performance improvements (<a
href="https://github.com/eps1lon"><code>@​eps1lon</code></a>, <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a> <a
href="https://redirect.github.com/facebook/react/pull/36425">#36425</a>)</li>
</ul>
<h2>19.2.5 (March 18, 2026)</h2>
<h3>React Server Components</h3>
<ul>
<li>Add more cycle protections (<a
href="https://github.com/eps1lon"><code>@​eps1lon</code></a>, <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a> <a
href="https://redirect.github.com/facebook/react/pull/36236">#36236</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/react/react/commit/6117d7cca4906492c51fe6a03381e35adfd86e7d"><code>6117d7c</code></a>
Version 19.2.7 (<a
href="https://github.com/facebook/react/tree/HEAD/packages/react/issues/36591">#36591</a>)</li>
<li><a
href="https://github.com/react/react/commit/eaf3e95ca92be7a23d3c9cc8ffd6f199a40be401"><code>eaf3e95</code></a>
Version 19.2.6</li>
<li><a
href="https://github.com/react/react/commit/23f4f9f30da9e9af2108c18bb197bae75ab584ea"><code>23f4f9f</code></a>
19.2.5</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/v19.2.7/packages/react">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new
releaser for react since your current version.</p>
</details>
<br />

Updates `@types/react` from 19.2.14 to 19.2.17
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `react-dom` from 19.2.4 to 19.2.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">react-dom's
releases</a>.</em></p>
<blockquote>
<h2>19.2.7 (June 1st, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Fixed missing <code>FormData</code> entries in Server Actions which
regressed in 19.2.6
(<a
href="https://redirect.github.com/facebook/react/pull/36566">#36566</a>
by <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
<h2>19.2.6 (May 6th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Type hardening and performance improvements
(<a
href="https://redirect.github.com/facebook/react/pull/36425">#36425</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
<h2>19.2.5 (April 8th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add more cycle protections (<a
href="https://redirect.github.com/facebook/react/pull/36236">#36236</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/react/react/blob/main/CHANGELOG.md">react-dom's
changelog</a>.</em></p>
<blockquote>
<h2>19.2.7 (June 1, 2026)</h2>
<h3>React Server Components</h3>
<ul>
<li>Fixed missing <code>FormData</code> entries in Server Actions which
regressed in 19.2.6 (<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a> <a
href="https://redirect.github.com/facebook/react/pull/36566">#36566</a>)</li>
</ul>
<h2>19.2.6 (May 6, 2026)</h2>
<h3>React Server Components</h3>
<ul>
<li>Type hardening and performance improvements (<a
href="https://github.com/eps1lon"><code>@​eps1lon</code></a>, <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a> <a
href="https://redirect.github.com/facebook/react/pull/36425">#36425</a>)</li>
</ul>
<h2>19.2.5 (March 18, 2026)</h2>
<h3>React Server Components</h3>
<ul>
<li>Add more cycle protections (<a
href="https://github.com/eps1lon"><code>@​eps1lon</code></a>, <a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a> <a
href="https://redirect.github.com/facebook/react/pull/36236">#36236</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/react/react/commit/6117d7cca4906492c51fe6a03381e35adfd86e7d"><code>6117d7c</code></a>
Version 19.2.7 (<a
href="https://github.com/facebook/react/tree/HEAD/packages/react-dom/issues/36591">#36591</a>)</li>
<li><a
href="https://github.com/react/react/commit/eaf3e95ca92be7a23d3c9cc8ffd6f199a40be401"><code>eaf3e95</code></a>
Version 19.2.6</li>
<li><a
href="https://github.com/react/react/commit/23f4f9f30da9e9af2108c18bb197bae75ab584ea"><code>23f4f9f</code></a>
19.2.5</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/v19.2.7/packages/react-dom">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new
releaser for react-dom since your current version.</p>
</details>
<br />

Updates `react-i18next` from 17.0.7 to 17.0.8
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md">react-i18next's
changelog</a>.</em></p>
<blockquote>
<h2>17.0.8</h2>
<ul>
<li>fix(types): <code>&lt;Trans i18nKey={$ =&gt; ...}&gt;</code> now
typechecks under <code>enableSelector: 'strict'</code>. The
<code>Trans</code> component's conditional type was gated on
<code>_EnableSelector extends true | 'optimize'</code>, excluding
<code>'strict'</code> and falling back to the legacy string-key
signature. Runtime was already correct (it calls
<code>keyFromSelector(i18nKey)</code> whenever <code>typeof i18nKey ===
'function'</code>); this is a type-only fix that widens the conditional
to include <code>'strict'</code>. Thanks <a
href="https://github.com/Faithfinder"><code>@​Faithfinder</code></a> (<a
href="https://redirect.github.com/i18next/react-i18next/pull/1921">#1921</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/i18next/react-i18next/commit/a46ad23ad07f1a3440d03cce80d0cab7ad23e2f0"><code>a46ad23</code></a>
17.0.8</li>
<li><a
href="https://github.com/i18next/react-i18next/commit/f715031fd7d90542bacd15d50e57235763527271"><code>f715031</code></a>
update i18next dep</li>
<li><a
href="https://github.com/i18next/react-i18next/commit/a515d5b767366e2b48704d219a3b7e4744e7ce72"><code>a515d5b</code></a>
changelog: 17.0.8 entry for <a
href="https://redirect.github.com/i18next/react-i18next/issues/1921">#1921</a></li>
<li><a
href="https://github.com/i18next/react-i18next/commit/d5ab7c82e93b4cb4b64b298b407745f3dbb235a1"><code>d5ab7c8</code></a>
fix(types): accept selector i18nKey on &lt;Trans&gt; under
enableSelector: 'strict'...</li>
<li><a
href="https://github.com/i18next/react-i18next/commit/b91ba362800ca7af2461306b900731eaad1de19a"><code>b91ba36</code></a>
Add Locize advice section near the top of README</li>
<li>See full diff in <a
href="https://github.com/i18next/react-i18next/compare/v17.0.7...v17.0.8">compare
view</a></li>
</ul>
</details>
<br />

Updates `react-icons` from 5.6.0 to 5.7.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/react-icons/react-icons/releases">react-icons's
releases</a>.</em></p>
<blockquote>
<h2>v5.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>update packages by <a
href="https://github.com/kamijin-fanta"><code>@​kamijin-fanta</code></a>
in <a
href="https://redirect.github.com/react-icons/react-icons/pull/1153">react-icons/react-icons#1153</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/react-icons/react-icons/compare/v5.6.0...v5.7.0">https://github.com/react-icons/react-icons/compare/v5.6.0...v5.7.0</a></p>
<table>
<thead>
<tr>
<th>Icon Library</th>
<th>License</th>
<th>Version</th>
<th align="right">Count</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://circumicons.com/">Circum Icons</a></td>
<td><a
href="https://github.com/Klarr-Agency/Circum-Icons/blob/main/LICENSE">MPL-2.0
license</a></td>
<td>1.0.0</td>
<td align="right">288</td>
</tr>
<tr>
<td><a href="https://fontawesome.com/">Font Awesome 5</a></td>
<td><a href="https://creativecommons.org/licenses/by/4.0/">CC BY 4.0
License</a></td>
<td>5.15.4-3-gafecf2a</td>
<td align="right">1612</td>
</tr>
<tr>
<td><a href="https://fontawesome.com/">Font Awesome 6</a></td>
<td><a href="https://creativecommons.org/licenses/by/4.0/">CC BY 4.0
License</a></td>
<td>6.7.2-1-g840c215</td>
<td align="right">2060</td>
</tr>
<tr>
<td><a href="https://ionicons.com/">Ionicons 4</a></td>
<td><a
href="https://github.com/ionic-team/ionicons/blob/master/LICENSE">MIT</a></td>
<td>4.6.3</td>
<td align="right">696</td>
</tr>
<tr>
<td><a href="https://ionicons.com/">Ionicons 5</a></td>
<td><a
href="https://github.com/ionic-team/ionicons/blob/master/LICENSE">MIT</a></td>
<td>5.5.4</td>
<td align="right">1332</td>
</tr>
<tr>
<td><a href="http://google.github.io/material-design-icons/">Material
Design icons</a></td>
<td><a
href="https://github.com/google/material-design-icons/blob/master/LICENSE">Apache
License Version 2.0</a></td>
<td>4.0.0-161-gf3fb4442b2</td>
<td align="right">4341</td>
</tr>
<tr>
<td><a href="http://s-ings.com/typicons/">Typicons</a></td>
<td><a href="https://creativecommons.org/licenses/by-sa/3.0/">CC BY-SA
3.0</a></td>
<td>2.1.2</td>
<td align="right">336</td>
</tr>
<tr>
<td><a href="https://octicons.github.com/">Github Octicons
icons</a></td>
<td><a
href="https://github.com/primer/octicons/blob/master/LICENSE">MIT</a></td>
<td>18.3.0</td>
<td align="right">264</td>
</tr>
<tr>
<td><a href="https://feathericons.com/">Feather</a></td>
<td><a
href="https://github.com/feathericons/feather/blob/master/LICENSE">MIT</a></td>
<td>4.29.2</td>
<td align="right">287</td>
</tr>
<tr>
<td><a href="https://lucide.dev/">Lucide</a></td>
<td><a
href="https://github.com/lucide-icons/lucide/blob/main/LICENSE">ISC</a></td>
<td>0.462.0</td>
<td align="right">1541</td>
</tr>
<tr>
<td><a href="https://game-icons.net/">Game Icons</a></td>
<td><a href="https://creativecommons.org/licenses/by/3.0/">CC BY
3.0</a></td>
<td>12920d6565588f0512542a3cb0cdfd36a497f910</td>
<td align="right">4040</td>
</tr>
<tr>
<td><a href="https://erikflowers.github.io/weather-icons/">Weather
Icons</a></td>
<td><a href="http://scripts.sil.org/OFL">SIL OFL 1.1</a></td>
<td>2.0.12</td>
<td align="right">219</td>
</tr>
<tr>
<td><a href="https://vorillaz.github.io/devicons/">Devicons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>1.8.0</td>
<td align="right">192</td>
</tr>
<tr>
<td><a href="https://github.com/ant-design/ant-design-icons">Ant Design
Icons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>4.4.2</td>
<td align="right">831</td>
</tr>
<tr>
<td><a href="https://github.com/twbs/icons">Bootstrap Icons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>1.13.1</td>
<td align="right">2754</td>
</tr>
<tr>
<td><a href="https://github.com/Remix-Design/RemixIcon">Remix
Icon</a></td>
<td><a href="http://www.apache.org/licenses/">Apache License Version
2.0</a></td>
<td>4.9.1</td>
<td align="right">3229</td>
</tr>
<tr>
<td><a href="https://github.com/icons8/flat-color-icons">Flat Color
Icons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>1.0.2</td>
<td align="right">329</td>
</tr>
<tr>
<td><a
href="https://github.com/grommet/grommet-icons">Grommet-Icons</a></td>
<td><a href="http://www.apache.org/licenses/">Apache License Version
2.0</a></td>
<td>4.14.0</td>
<td align="right">637</td>
</tr>
<tr>
<td><a
href="https://github.com/tailwindlabs/heroicons">Heroicons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>1.0.6</td>
<td align="right">460</td>
</tr>
<tr>
<td><a href="https://github.com/tailwindlabs/heroicons">Heroicons
2</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>2.2.0</td>
<td align="right">972</td>
</tr>
<tr>
<td><a href="https://simpleicons.org/">Simple Icons</a></td>
<td><a href="https://creativecommons.org/publicdomain/zero/1.0/">CC0 1.0
Universal</a></td>
<td>16.24.0</td>
<td align="right">3446</td>
</tr>
<tr>
<td><a href="https://thesabbir.github.io/simple-line-icons/">Simple Line
Icons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>2.5.5</td>
<td align="right">189</td>
</tr>
<tr>
<td><a href="https://github.com/Keyamoon/IcoMoon-Free">IcoMoon
Free</a></td>
<td><a
href="https://github.com/Keyamoon/IcoMoon-Free/blob/master/License.txt">CC
BY 4.0 License</a></td>
<td>d006795ede82361e1bac1ee76f215cf1dc51e4ca</td>
<td align="right">491</td>
</tr>
<tr>
<td><a href="https://github.com/atisawd/boxicons">BoxIcons</a></td>
<td><a
href="https://github.com/atisawd/boxicons/blob/master/LICENSE">MIT</a></td>
<td>2.1.4</td>
<td align="right">1634</td>
</tr>
<tr>
<td><a href="https://github.com/astrit/css.gg">css.gg</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>2.1.4</td>
<td align="right">704</td>
</tr>
<tr>
<td><a href="https://github.com/microsoft/vscode-codicons">VS Code
Icons</a></td>
<td><a href="https://creativecommons.org/licenses/by/4.0/">CC BY
4.0</a></td>
<td>0.0.0</td>
<td align="right">612</td>
</tr>
<tr>
<td><a href="https://github.com/tabler/tabler-icons">Tabler
Icons</a></td>
<td><a href="https://opensource.org/licenses/MIT">MIT</a></td>
<td>3.44.0</td>
<td align="right">6146</td>
</tr>
<tr>
<td><a href="https://github.com/lykmapipo/themify-icons">Themify
Icons</a></td>
<td><a
href="https://github.com/thecreation/standard-icons/blob/master/modules/themify-icons/LICENSE">MIT</a></td>
<td>v0.1.2-2-g9600186</td>
<td align="right">352</td>
</tr>
<tr>
<td><a href="https://icons.radix-ui.com">Radix Icons</a></td>
<td><a
href="https://github.com/radix-ui/icons/blob/master/LICENSE">MIT</a></td>
<td><code>@​radix-ui/react-icons</code><a
href="https://github.com/1"><code>@​1</code></a>.3.2-35-g112af91</td>
<td align="right">332</td>
</tr>
<tr>
<td><a href="https://github.com/phosphor-icons/core">Phosphor
Icons</a></td>
<td><a
href="https://github.com/phosphor-icons/core/blob/main/LICENSE">MIT</a></td>
<td>2.1.1</td>
<td align="right">9072</td>
</tr>
<tr>
<td><a href="https://icons8.com/line-awesome">Icons8 Line
Awesome</a></td>
<td><a
href="https://github.com/icons8/line-awesome/blob/master/LICENSE.md">MIT</a></td>
<td>1.3.1</td>
<td align="right">1544</td>
</tr>
</tbody>
</table>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/react-icons/react-icons/commit/87470d588c5624bf3e291f17527c3ecd1419c8ae"><code>87470d5</code></a>
v5.7.0</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/e1cb06116df395109208fa4786b5e6ae4cc20187"><code>e1cb061</code></a>
fix ci publish</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/bffaab7c0f90d78b240bd06be1c40953be89a992"><code>bffaab7</code></a>
Revert &quot;v5.7.0&quot;</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/2cde989e0d3637fa39471e3f24df99ffb88cb1d1"><code>2cde989</code></a>
v5.7.0</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/dac95ccf8126f41dc068f17fb09573fd86b6a0e9"><code>dac95cc</code></a>
update npm in ci workflow</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/21fcd0452250a30cde4827b83bff3e086b106369"><code>21fcd04</code></a>
Revert &quot;v5.7.0&quot;</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/3a05518a3b8b1fe147c915aea1ca6db6cd212ae8"><code>3a05518</code></a>
v5.7.0</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/c8b5050f417e08a270fc74393d36a7ea844a1977"><code>c8b5050</code></a>
fix github pages deploy</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/2f78ae43254f217c132078956848f257b72ec6cb"><code>2f78ae4</code></a>
Update CI actions, Pages deploy, and staged npm publishing</li>
<li><a
href="https://github.com/react-icons/react-icons/commit/11f5a06ff937287537590bd165ccbd24e9f800e4"><code>11f5a06</code></a>
update packages (<a
href="https://redirect.github.com/react-icons/react-icons/issues/1153">#1153</a>)</li>
<li>See full diff in <a
href="https://github.com/react-icons/react-icons/compare/v5.6.0...v5.7.0">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new
releaser for react-icons since your current version.</p>
</details>
<br />

Updates `@types/react` from 19.2.14 to 19.2.17
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `@vitejs/plugin-react` from 5.1.4 to 6.0.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite-plugin-react/releases">@​vitejs/plugin-react's
releases</a>.</em></p>
<blockquote>
<h2>plugin-react@6.0.3</h2>
<p>No release notes provided.</p>
<h2>plugin-react@6.0.2</h2>
<h3>Allow all options in reactCompilerPreset (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1189">#1189</a>)</h3>
<p>This is a type only change. Only <code>compilationMode</code> and
<code>target</code> options were available for
<code>reactCompilerPreset</code>.</p>
<h2>plugin-react@6.0.1</h2>
<h3>Expand <code>@rolldown/plugin-babel</code> peer dep range (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1146">#1146</a>)</h3>
<p>Expanded <code>@rolldown/plugin-babel</code> peer dep range to
include <code>^0.2.0</code>.</p>
<h2>plugin-react@6.0.0</h2>
<h3>Remove Babel Related Features (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1123">#1123</a>)</h3>
<p>Vite 8+ can handle React Refresh Transform by Oxc and doesn't need
Babel for it. With that, there are no transform applied that requires
Babel. To reduce the installation size of this plugin, babel is no
longer a dependency of this plugin and the related features are
removed.</p>
<p>If you are using Babel, you can use
<code>@rolldown/plugin-babel</code> together with this plugin:</p>
<pre lang="diff"><code> import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
<p>export default defineConfig({
plugins: [</p>
<ul>
<li>
<pre><code>react({
</code></pre>
</li>
<li>
<pre><code>  babel: {
</code></pre>
</li>
<li>
<pre><code>    plugins: ['@babel/plugin-proposal-throw-expressions'],
</code></pre>
</li>
<li>
<pre><code>  },
</code></pre>
</li>
<li>
<pre><code>}),
</code></pre>
</li>
</ul>
<ul>
<li>
<pre><code>react(),
</code></pre>
</li>
<li>
<pre><code>babel({
</code></pre>
</li>
<li>
<pre><code>  plugins: ['@babel/plugin-proposal-throw-expressions'],
</code></pre>
</li>
<li>
<pre><code>}),
</code></pre>
]
})
</code></pre></li>
</ul>
<p>For React compiler users, you can use
<code>reactCompilerPreset</code> for easier setup with preconfigured
filter to improve build performance:</p>
<pre lang="diff"><code> import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
<p>export default defineConfig({
plugins: [
&lt;/tr&gt;&lt;/table&gt;
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md">@​vitejs/plugin-react's
changelog</a>.</em></p>
<blockquote>
<h2>6.0.3 (2026-06-23)</h2>
<h2>6.0.2 (2026-05-14)</h2>
<h3>Allow all options in reactCompilerPreset (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1189">#1189</a>)</h3>
<p>This is a type only change. Only <code>compilationMode</code> and
<code>target</code> options were available for
<code>reactCompilerPreset</code>.</p>
<h2>6.0.1 (2026-03-13)</h2>
<h3>Expand <code>@rolldown/plugin-babel</code> peer dep range (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1146">#1146</a>)</h3>
<p>Expanded <code>@rolldown/plugin-babel</code> peer dep range to
include <code>^0.2.0</code>.</p>
<h2>6.0.0 (2026-03-12)</h2>
<h2>6.0.0-beta.0 (2026-03-03)</h2>
<h3>Remove Babel Related Features (<a
href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1123">#1123</a>)</h3>
<p>Vite 8+ can handle React Refresh Transform by Oxc and doesn't need
Babel for it. With that, there are no transform applied that requires
Babel. To reduce the installation size of this plugin, babel is no
longer a dependency of this plugin and the related features are
removed.</p>
<p>If you are using Babel, you can use
<code>@rolldown/plugin-babel</code> together with this plugin:</p>
<pre lang="diff"><code> import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
<p>export default defineConfig({
plugins: [</p>
<ul>
<li>
<pre><code>react({
</code></pre>
</li>
<li>
<pre><code>  babel: {
</code></pre>
</li>
<li>
<pre><code>    plugins: ['@babel/plugin-proposal-throw-expressions'],
</code></pre>
</li>
<li>
<pre><code>  },
</code></pre>
</li>
<li>
<pre><code>}),
</code></pre>
</li>
</ul>
<ul>
<li>
<pre><code>react(),
</code></pre>
</li>
<li>
<pre><code>babel({
</code></pre>
</li>
<li>
<pre><code>  plugins: ['@babel/plugin-proposal-throw-expressions'],
</code></pre>
</li>
<li>
<pre><code>}),
</code></pre>
]
})
</code></pre></li>
</ul>
<p>For React compiler users, you can use
<code>reactCompilerPreset</code> for easier setup with preconfigured
filter to improve build performance:</p>
<pre lang="diff"><code> import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/640fd358a0e82393acfce4e92e19a6ac6e1641a7"><code>640fd35</code></a>
release: plugin-react@6.0.3</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/889efb02cdc4ec978a5e177a37e0213cfded38a4"><code>889efb0</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1249">#1249</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/6c57dd4c5d71075b48039df2532804e72880da21"><code>6c57dd4</code></a>
fix(plugin-react): use '/' base in bundledDev preamble to fix non-root
base p...</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/3cc33a703636b558a1c1c99e787ddc6bd64aab2d"><code>3cc33a7</code></a>
fix(deps): update react-related dependencies (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1245">#1245</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/c0f7c7ff709dc9d88bc1f29f1b27c1b3e2bfcfca"><code>c0f7c7f</code></a>
docs: mention the Biome rule in the &quot;Consistent components
exports&quot; section (...</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/cd80f0f7b2b750f6e8f719f9c3dbe4f22ddd94db"><code>cd80f0f</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1241">#1241</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/e38accafea0c7c84f7fc72fd69d9cec731fa7600"><code>e38acca</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1227">#1227</a>)</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/9a9bb26c23b966dceed47ff9ec257faeb0e777d9"><code>9a9bb26</code></a>
perf(react): improve react compiler preset so that slightly more modules
are ...</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/6535b55e956b425e6650ffc2cc98fd23cca1d231"><code>6535b55</code></a>
release: plugin-react@6.0.2</li>
<li><a
href="https://github.com/vitejs/vite-plugin-react/commit/bf0e43b756e3be81f8572d59727c218311f431ef"><code>bf0e43b</code></a>
feat(react): whitelist debugging-options (<a
href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1189">#1189</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.3/packages/plugin-react">compare
view</a></li>
</ul>
</details>
<br />

Updates `eslint-plugin-react-refresh` from 0.5.2 to 0.5.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ArnaudBarre/eslint-plugin-react-refresh/releases">eslint-plugin-react-refresh's
releases</a>.</em></p>
<blockquote>
<h2>v0.5.3</h2>
<ul>
<li>Fix check for non component class exported via <code>export {
}</code> <a
href="https://redirect.github.com/ArnaudBarre/eslint-plugin-react-refresh/pull/110">#110</a>
(fixes <a
href="https://redirect.github.com/ArnaudBarre/eslint-plugin-react-refresh/issues/109">#109</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ArnaudBarre/eslint-plugin-react-refresh/blob/main/CHANGELOG.md">eslint-plugin-react-refresh's
changelog</a>.</em></p>
<blockquote>
<h2>0.5.3</h2>
<ul>
<li>Fix check for non component class exported via <code>export {
}</code> <a
href="https://redirect.github.com/ArnaudBarre/eslint-plugin-react-refresh/pull/110">#110</a>
(fixes <a
href="https://redirect.github.com/ArnaudBarre/eslint-plugin-react-refresh/issues/109">#109</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ArnaudBarre/eslint-plugin-react-refresh/commit/00818e991486da1e4b76f510f5f9113271549944"><code>00818e9</code></a>
v0.5.3 [publish]</li>
<li><a
href="https://github.com/ArnaudBarre/eslint-plugin-react-refresh/commit/202fc4a8bddcfb442a317ad604693d8436c3d3ea"><code>202fc4a</code></a>
Fix PascalCase class exported via <code>export { Name }</code>
incorrectly treated as Re...</li>
<li>See full diff in <a
href="https://github.com/ArnaudBarre/eslint-plugin-react-refresh/compare/v0.5.2...v0.5.3">compare
view</a></li>
</ul>
</details>
<br />

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarelM <harel.mazor@gmail.com>
2026-07-07 20:38:05 +00:00
Harel M fadf01a51d Remove jsonlint build hack (#1987)
## Launch Checklist

This removes the jsonlint build hack that was used for a long time due
to json lint part of the style spec package that was missing a fix.
This is now no longer needed with the latest style spec package.

 - [x] Briefly describe the changes in this PR.
2026-07-07 20:27:43 +00:00
dependabot[bot] 251fe40fde chore(deps): Bump actions/setup-go from 6.4.0 to 6.5.0 (#1960)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.4.0
to 6.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v6.5.0</h2>
<h2>What's Changed</h2>
<h3>Dependency update</h3>
<ul>
<li>Upgrade actions dependencies by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
with <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in
<a
href="https://redirect.github.com/actions/setup-go/pull/744">actions/setup-go#744</a></li>
<li>Upgrade <code>@​types/node</code> and typescript-eslint dependencies
to resolve npm audit findings by <a
href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/755">actions/setup-go#755</a></li>
<li>Upgrade <code>@​actions/cache</code> to 5.1.0, log cache write
denied by <a
href="https://github.com/jasongin"><code>@​jasongin</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/758">actions/setup-go#758</a></li>
<li>Upgrade version to 6.5.0 in package.json and package-lock.json by <a
href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/762">actions/setup-go#762</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
with <a href="https://github.com/Copilot"><code>@​Copilot</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/744">actions/setup-go#744</a></li>
<li><a href="https://github.com/jasongin"><code>@​jasongin</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/758">actions/setup-go#758</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v6...v6.5.0">https://github.com/actions/setup-go/compare/v6...v6.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-go/commit/924ae3a1cded613372ab5595356fb5720e22ba16"><code>924ae3a</code></a>
chore: bump version to 6.5.0 in package.json and package-lock.json (<a
href="https://redirect.github.com/actions/setup-go/issues/762">#762</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/e91cc3bfe0c3efd0b2d1dc3a51269c9038deb4f1"><code>e91cc3b</code></a>
Bump <code>@​actions/cache</code> to 5.1.0, log cache write denied (<a
href="https://redirect.github.com/actions/setup-go/issues/758">#758</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/4a2405e6aebff6aabd8e43618539aa35cf90ac92"><code>4a2405e</code></a>
chore: update <code>@​types/node</code> and <a
href="https://github.com/typescript-eslint"><code>@​typescript-eslint</code></a>
dependencies to latest versi...</li>
<li><a
href="https://github.com/actions/setup-go/commit/78961f6f84d799cd858575bb931c3e51d3b13290"><code>78961f6</code></a>
chore: update <a
href="https://github.com/actions"><code>@​actions</code></a>
dependencies and refresh license cache (<a
href="https://redirect.github.com/actions/setup-go/issues/744">#744</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-go/compare/4a3601121dd01d1626a1e23e37211e3254c1c06c...924ae3a1cded613372ab5595356fb5720e22ba16">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=6.4.0&new-version=6.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-07 22:54:04 +03:00
dependabot[bot] f175749fb7 chore(deps): Bump codecov/codecov-action from 6.0.1 to 7.0.0 (#1938)
Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action) from
6.0.1 to 7.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.0</h2>
<p>⚠️ Due to migration issues with keybase, we are unable to update our
keys under the <code>codecovsecurity</code> account. We have deleted the
account and are using <code>codecovsecops</code> with the original gpg
key</p>
<h2>What's Changed</h2>
<ul>
<li>ci: remove Enforce License Compliance workflow by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1950">codecov/codecov-action#1950</a></li>
<li>chore(release): 7.0.0 by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1957">codecov/codecov-action#1957</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0">https://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0</a></p>
<h2>v6.0.2</h2>
<p>This is a copy of the <code>v7.0.0</code> release to make updates
easier</p>
<h2>What's Changed</h2>
<ul>
<li>ci: remove Enforce License Compliance workflow by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1950">codecov/codecov-action#1950</a></li>
<li>chore(release): 7.0.0 by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1957">codecov/codecov-action#1957</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2">https://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md">codecov/codecov-action's
changelog</a>.</em></p>
<blockquote>
<h2>v5.5.2</h2>
<h3>What's Changed</h3>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2">https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2</a></p>
<h2>v5.5.1</h2>
<h3>What's Changed</h3>
<ul>
<li>fix: overwrite pr number on fork by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1871">codecov/codecov-action#1871</a></li>
<li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1868">codecov/codecov-action#1868</a></li>
<li>build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1867">codecov/codecov-action#1867</a></li>
<li>fix: update to use local app/ dir by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1872">codecov/codecov-action#1872</a></li>
<li>docs: fix typo in README by <a
href="https://github.com/datalater"><code>@​datalater</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1866">codecov/codecov-action#1866</a></li>
<li>Document a <code>codecov-cli</code> version reference example by <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1774">codecov/codecov-action#1774</a></li>
<li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1861">codecov/codecov-action#1861</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1833">codecov/codecov-action#1833</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1">https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1</a></p>
<h2>v5.5.0</h2>
<h3>What's Changed</h3>
<ul>
<li>feat: upgrade wrapper to 0.2.4 by <a
href="https://github.com/jviall"><code>@​jviall</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1864">codecov/codecov-action#1864</a></li>
<li>Pin actions/github-script by Git SHA by <a
href="https://github.com/martincostello"><code>@​martincostello</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1859">codecov/codecov-action#1859</a></li>
<li>fix: check reqs exist by <a
href="https://github.com/joseph-sentry"><code>@​joseph-sentry</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1835">codecov/codecov-action#1835</a></li>
<li>fix: Typo in README by <a
href="https://github.com/spalmurray"><code>@​spalmurray</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1838">codecov/codecov-action#1838</a></li>
<li>docs: Refine OIDC docs by <a
href="https://github.com/spalmurray"><code>@​spalmurray</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1837">codecov/codecov-action#1837</a></li>
<li>build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1829">codecov/codecov-action#1829</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0">https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0</a></p>
<h2>v5.4.3</h2>
<h3>What's Changed</h3>
<ul>
<li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by
<code>@​app/dependabot</code> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1822">codecov/codecov-action#1822</a></li>
<li>fix: OIDC on forks by <a
href="https://github.com/joseph-sentry"><code>@​joseph-sentry</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1823">codecov/codecov-action#1823</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3">https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3</a></p>
<h2>v5.4.2</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/codecov/codecov-action/commit/fb8b3582c8e4def4969c97caa2f19720cb33a72f"><code>fb8b358</code></a>
chore(release): 7.0.0 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1957">#1957</a>)</li>
<li><a
href="https://github.com/codecov/codecov-action/commit/ca0a928a4cb3911011e868128a5cd90437c12db1"><code>ca0a928</code></a>
ci: remove Enforce License Compliance workflow (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1950">#1950</a>)</li>
<li>See full diff in <a
href="https://github.com/codecov/codecov-action/compare/e79a6962e0d4c0c17b229090214935d2e33f8354...fb8b3582c8e4def4969c97caa2f19720cb33a72f">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=6.0.1&new-version=7.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-07 22:53:49 +03:00
dependabot[bot] f9219c3c83 chore(deps): Bump github/codeql-action/autobuild from 4.36.2 to 4.36.3 (#1986)
Bumps
[github/codeql-action/autobuild](https://github.com/github/codeql-action)
from 4.36.2 to 4.36.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action/autobuild's
releases</a>.</em></p>
<blockquote>
<h2>v4.36.3</h2>
<p>No user facing changes.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action/autobuild's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.36.3 - 01 Jul 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.2 - 04 Jun 2026</h2>
<ul>
<li>Cache CodeQL CLI version information across Actions steps. <a
href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li>
<li>Reduce requests while waiting for analysis processing by using
exponential backoff when polling SARIF processing status. <a
href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li>
</ul>
<h2>4.36.1 - 02 Jun 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.0 - 22 May 2026</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li>
</ul>
<h2>4.35.5 - 15 May 2026</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a"><code>54f647b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3984">#3984</a>
from github/update-v4.36.3-1f34ec164</li>
<li><a
href="https://github.com/github/codeql-action/commit/e78819e05527766c3c5919e3177647e280c6cb83"><code>e78819e</code></a>
Trigger checks</li>
<li><a
href="https://github.com/github/codeql-action/commit/2c9d3d63eb4941734e2d29468953529a56f5ff1c"><code>2c9d3d6</code></a>
Update changelog for v4.36.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/1f34ec16430d82636d18716acc7aaa6d843b35a9"><code>1f34ec1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3983">#3983</a>
from github/mbg/repo-props/ff-for-config-file-prop</li>
<li><a
href="https://github.com/github/codeql-action/commit/d5f0145480025b49d8b08c3f6b36e6ad41a68c90"><code>d5f0145</code></a>
Log when repository property has a value but is ignored</li>
<li><a
href="https://github.com/github/codeql-action/commit/f27f56386a3c745af8d7bbfb806098c714a5e32a"><code>f27f563</code></a>
Add test for when the FF is off</li>
<li><a
href="https://github.com/github/codeql-action/commit/0025d0f2b5676fde748a0be9725dcce18dd9f986"><code>0025d0f</code></a>
Use FF</li>
<li><a
href="https://github.com/github/codeql-action/commit/f7fa18f05d107ff6735857c3510fbff190c9a1eb"><code>f7fa18f</code></a>
Add FF for config file repo property</li>
<li><a
href="https://github.com/github/codeql-action/commit/628fc3f124e68b0151f0d2a5d81e864ee1e42335"><code>628fc3f</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3979">#3979</a>
from github/henrymercer/overlay-db-cleanup-size-tele...</li>
<li><a
href="https://github.com/github/codeql-action/commit/9cfb67bab9b32441237f92d4ba29a7f3ccff259f"><code>9cfb67b</code></a>
Add clarifying comments</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action/autobuild&package-manager=github_actions&previous-version=4.36.2&new-version=4.36.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-07 13:53:51 +00:00
dependabot[bot] f78b9ccaaa chore(deps): Bump @codemirror/view from 6.43.4 to 6.43.5 (#1985)
Bumps [@codemirror/view](https://github.com/codemirror/view) from 6.43.4
to 6.43.5.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/codemirror/view/commits">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@codemirror/view&package-manager=npm_and_yarn&previous-version=6.43.4&new-version=6.43.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-07 13:51:35 +00:00
dependabot[bot] bb73a2b1e8 chore(deps): Bump github/codeql-action/analyze from 4.36.2 to 4.36.3 (#1982)
Bumps
[github/codeql-action/analyze](https://github.com/github/codeql-action)
from 4.36.2 to 4.36.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action/analyze's
releases</a>.</em></p>
<blockquote>
<h2>v4.36.3</h2>
<p>No user facing changes.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action/analyze's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.36.3 - 01 Jul 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.2 - 04 Jun 2026</h2>
<ul>
<li>Cache CodeQL CLI version information across Actions steps. <a
href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li>
<li>Reduce requests while waiting for analysis processing by using
exponential backoff when polling SARIF processing status. <a
href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li>
</ul>
<h2>4.36.1 - 02 Jun 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.0 - 22 May 2026</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li>
</ul>
<h2>4.35.5 - 15 May 2026</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a"><code>54f647b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3984">#3984</a>
from github/update-v4.36.3-1f34ec164</li>
<li><a
href="https://github.com/github/codeql-action/commit/e78819e05527766c3c5919e3177647e280c6cb83"><code>e78819e</code></a>
Trigger checks</li>
<li><a
href="https://github.com/github/codeql-action/commit/2c9d3d63eb4941734e2d29468953529a56f5ff1c"><code>2c9d3d6</code></a>
Update changelog for v4.36.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/1f34ec16430d82636d18716acc7aaa6d843b35a9"><code>1f34ec1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3983">#3983</a>
from github/mbg/repo-props/ff-for-config-file-prop</li>
<li><a
href="https://github.com/github/codeql-action/commit/d5f0145480025b49d8b08c3f6b36e6ad41a68c90"><code>d5f0145</code></a>
Log when repository property has a value but is ignored</li>
<li><a
href="https://github.com/github/codeql-action/commit/f27f56386a3c745af8d7bbfb806098c714a5e32a"><code>f27f563</code></a>
Add test for when the FF is off</li>
<li><a
href="https://github.com/github/codeql-action/commit/0025d0f2b5676fde748a0be9725dcce18dd9f986"><code>0025d0f</code></a>
Use FF</li>
<li><a
href="https://github.com/github/codeql-action/commit/f7fa18f05d107ff6735857c3510fbff190c9a1eb"><code>f7fa18f</code></a>
Add FF for config file repo property</li>
<li><a
href="https://github.com/github/codeql-action/commit/628fc3f124e68b0151f0d2a5d81e864ee1e42335"><code>628fc3f</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3979">#3979</a>
from github/henrymercer/overlay-db-cleanup-size-tele...</li>
<li><a
href="https://github.com/github/codeql-action/commit/9cfb67bab9b32441237f92d4ba29a7f3ccff259f"><code>9cfb67b</code></a>
Add clarifying comments</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action/analyze&package-manager=github_actions&previous-version=4.36.2&new-version=4.36.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-07 15:24:39 +03:00
dependabot[bot] a4da75d722 chore(deps): Bump docker/login-action from 4.2.0 to 4.4.0 (#1983)
Bumps [docker/login-action](https://github.com/docker/login-action) from
4.2.0 to 4.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.4.0</h2>
<ul>
<li>Skip empty <code>registry-auth</code> secret mask by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/1035">docker/login-action#1035</a></li>
<li>Bump <code>@​aws-sdk/client-ecr</code> and
<code>@​aws-sdk/client-ecr-public</code> to 3.1077.0 <a
href="https://redirect.github.com/docker/login-action/pull/1034">docker/login-action#1034</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v4.3.0...v4.4.0">https://github.com/docker/login-action/compare/v4.3.0...v4.4.0</a></p>
<h2>v4.3.0</h2>
<ul>
<li>Preserve names in esbuild bundle by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/1022">docker/login-action#1022</a></li>
<li>Bump <code>@​aws-sdk/client-ecr</code> and
<code>@​aws-sdk/client-ecr-public</code> to 3.1076.0 <a
href="https://redirect.github.com/docker/login-action/pull/999">docker/login-action#999</a>
<a
href="https://redirect.github.com/docker/login-action/pull/1030">docker/login-action#1030</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.90.0 to 0.92.0 in
<a
href="https://redirect.github.com/docker/login-action/pull/1004">docker/login-action#1004</a>
<a
href="https://redirect.github.com/docker/login-action/pull/1027">docker/login-action#1027</a></li>
<li>Bump <code>@​sigstore/core</code> from 3.1.0 to 3.2.1 in <a
href="https://redirect.github.com/docker/login-action/pull/1023">docker/login-action#1023</a></li>
<li>Bump <code>@​sigstore/verify</code> from 3.1.0 to 3.1.1 in <a
href="https://redirect.github.com/docker/login-action/pull/1029">docker/login-action#1029</a></li>
<li>Bump http-proxy-agent and https-proxy-agent to 9.1.0 in <a
href="https://redirect.github.com/docker/login-action/pull/1017">docker/login-action#1017</a></li>
<li>Bump js-yaml from 4.1.1 to 5.2.0 in <a
href="https://redirect.github.com/docker/login-action/pull/1028">docker/login-action#1028</a></li>
<li>Bump sigstore from 4.1.0 to 4.1.1 in <a
href="https://redirect.github.com/docker/login-action/pull/1031">docker/login-action#1031</a></li>
<li>Bump tmp from 0.2.5 to 0.2.7 in <a
href="https://redirect.github.com/docker/login-action/pull/1002">docker/login-action#1002</a></li>
<li>Bump undici from 6.24.1 to 6.27.0 in <a
href="https://redirect.github.com/docker/login-action/pull/1020">docker/login-action#1020</a></li>
<li>Bump vite from 7.3.3 to 7.3.6 in <a
href="https://redirect.github.com/docker/login-action/pull/1019">docker/login-action#1019</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v4.2.0...v4.3.0">https://github.com/docker/login-action/compare/v4.2.0...v4.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/login-action/commit/af1e73f918a031802d376d3c8bbc3fe56130a9b0"><code>af1e73f</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/1034">#1034</a>
from docker/dependabot/npm_and_yarn/aws-sdk-dependen...</li>
<li><a
href="https://github.com/docker/login-action/commit/da722bde43bacb027adfc67d42dbaa4c0f9e550b"><code>da722bd</code></a>
[dependabot skip] chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/2916ad60bd5cb72f07aa54c69fdcc61749c09b7a"><code>2916ad6</code></a>
build(deps): bump the aws-sdk-dependencies group across 1 directory with
2 up...</li>
<li><a
href="https://github.com/docker/login-action/commit/ca0a662f786e4cfddce972005bd68f3dafc3a903"><code>ca0a662</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/1035">#1035</a>
from crazy-max/fix-registry-auth-empty-mask</li>
<li><a
href="https://github.com/docker/login-action/commit/c455755a579833bf0d2e4e54e3beb413ef10cc80"><code>c455755</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/48351901f89581a7c12870c787d3f06d1f498438"><code>4835190</code></a>
skip empty registry-auth secret mask</li>
<li><a
href="https://github.com/docker/login-action/commit/992421c6e6806a7f6df609d1bfff374f9eca3004"><code>992421c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/1033">#1033</a>
from docker/dependabot/github_actions/docker/bake-ac...</li>
<li><a
href="https://github.com/docker/login-action/commit/b249b43765525dd7951068267a34cf63f22ab4f0"><code>b249b43</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/1032">#1032</a>
from docker/dependabot/github_actions/docker/bake-ac...</li>
<li><a
href="https://github.com/docker/login-action/commit/1b67977736863551a88ff218642a2d7628b10520"><code>1b67977</code></a>
build(deps): bump docker/bake-action from 7.2.0 to 7.3.0</li>
<li><a
href="https://github.com/docker/login-action/commit/9d49d6a3234c78daa10c3c12183ef7b6caa8e69e"><code>9d49d6a</code></a>
build(deps): bump docker/bake-action/subaction/matrix</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/login-action/compare/650006c6eb7dba73a995cc03b0b2d7f5ca915bee...af1e73f918a031802d376d3c8bbc3fe56130a9b0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=4.2.0&new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-06 13:53:39 +00:00
dependabot[bot] 1b314b11b9 chore(deps): Bump github/codeql-action/init from 4.36.2 to 4.36.3 (#1981)
Bumps
[github/codeql-action/init](https://github.com/github/codeql-action)
from 4.36.2 to 4.36.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action/init's
releases</a>.</em></p>
<blockquote>
<h2>v4.36.3</h2>
<p>No user facing changes.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action/init's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.36.3 - 01 Jul 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.2 - 04 Jun 2026</h2>
<ul>
<li>Cache CodeQL CLI version information across Actions steps. <a
href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li>
<li>Reduce requests while waiting for analysis processing by using
exponential backoff when polling SARIF processing status. <a
href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li>
</ul>
<h2>4.36.1 - 02 Jun 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.0 - 22 May 2026</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li>
</ul>
<h2>4.35.5 - 15 May 2026</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a"><code>54f647b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3984">#3984</a>
from github/update-v4.36.3-1f34ec164</li>
<li><a
href="https://github.com/github/codeql-action/commit/e78819e05527766c3c5919e3177647e280c6cb83"><code>e78819e</code></a>
Trigger checks</li>
<li><a
href="https://github.com/github/codeql-action/commit/2c9d3d63eb4941734e2d29468953529a56f5ff1c"><code>2c9d3d6</code></a>
Update changelog for v4.36.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/1f34ec16430d82636d18716acc7aaa6d843b35a9"><code>1f34ec1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3983">#3983</a>
from github/mbg/repo-props/ff-for-config-file-prop</li>
<li><a
href="https://github.com/github/codeql-action/commit/d5f0145480025b49d8b08c3f6b36e6ad41a68c90"><code>d5f0145</code></a>
Log when repository property has a value but is ignored</li>
<li><a
href="https://github.com/github/codeql-action/commit/f27f56386a3c745af8d7bbfb806098c714a5e32a"><code>f27f563</code></a>
Add test for when the FF is off</li>
<li><a
href="https://github.com/github/codeql-action/commit/0025d0f2b5676fde748a0be9725dcce18dd9f986"><code>0025d0f</code></a>
Use FF</li>
<li><a
href="https://github.com/github/codeql-action/commit/f7fa18f05d107ff6735857c3510fbff190c9a1eb"><code>f7fa18f</code></a>
Add FF for config file repo property</li>
<li><a
href="https://github.com/github/codeql-action/commit/628fc3f124e68b0151f0d2a5d81e864ee1e42335"><code>628fc3f</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3979">#3979</a>
from github/henrymercer/overlay-db-cleanup-size-tele...</li>
<li><a
href="https://github.com/github/codeql-action/commit/9cfb67bab9b32441237f92d4ba29a7f3ccff259f"><code>9cfb67b</code></a>
Add clarifying comments</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action/init&package-manager=github_actions&previous-version=4.36.2&new-version=4.36.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-06 13:52:12 +00:00
7 changed files with 300 additions and 437 deletions
+4 -4
View File
@@ -56,7 +56,7 @@ jobs:
# Build and upload desktop CLI artifacts
- name: Set up Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
with:
go-version: ^1.23.x
cache-dependency-path: desktop/go.sum
@@ -98,7 +98,7 @@ jobs:
- run: npm ci
- run: npm run test-unit-ci
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
with:
files: ${{ github.workspace }}/coverage/coverage-final.json
verbose: true
@@ -124,7 +124,7 @@ jobs:
start: npm run start
browser: chrome
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
with:
files: ${{ github.workspace }}/.nyc_output/out.json
verbose: true
@@ -148,7 +148,7 @@ jobs:
start: docker run --rm --network host maputnik --port=8888
browser: chrome
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
with:
files: ${{ github.workspace }}/.nyc_output/out.json
verbose: true
+3 -3
View File
@@ -42,7 +42,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
uses: github/codeql-action/autobuild@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
# ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
+1 -1
View File
@@ -45,7 +45,7 @@ jobs:
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}
+1 -1
View File
@@ -54,7 +54,7 @@ jobs:
registry-url: "https://registry.npmjs.org"
- name: Set up Go for desktop build
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
with:
go-version: ^1.23.x
cache-dependency-path: desktop/go.sum
+281 -408
View File
File diff suppressed because it is too large Load Diff
+10 -11
View File
@@ -30,14 +30,14 @@
"@codemirror/lint": "^6.9.7",
"@codemirror/state": "^6.7.0",
"@codemirror/theme-one-dark": "^6.1.3",
"@codemirror/view": "^6.43.4",
"@codemirror/view": "^6.43.5",
"@dnd-kit/core": "^6.3.1",
"@dnd-kit/sortable": "^10.0.0",
"@dnd-kit/utilities": "^3.2.2",
"@mapbox/mapbox-gl-rtl-text": "^0.4.0",
"@maplibre/maplibre-gl-geocoder": "^1.9.4",
"@maplibre/maplibre-gl-inspect": "^1.8.2",
"@maplibre/maplibre-gl-style-spec": "^25.0.1",
"@maplibre/maplibre-gl-style-spec": "^25.0.2",
"array-move": "^4.0.0",
"buffer": "^6.0.3",
"classnames": "^2.5.1",
@@ -65,15 +65,15 @@
"ol-mapbox-style": "^13.4.1",
"pmtiles": "^4.4.1",
"prop-types": "^15.8.1",
"react": "^19.2.4",
"react": "^19.2.7",
"react-accessible-accordion": "^5.0.1",
"react-aria-menubutton": "^8.0.0",
"react-aria-modal": "^5.0.2",
"react-collapse": "^5.1.1",
"react-color": "^2.19.3",
"react-dom": "^19.2.4",
"react-i18next": "^17.0.7",
"react-icons": "^5.6.0",
"react-dom": "^19.2.7",
"react-i18next": "^17.0.8",
"react-icons": "^5.7.0",
"react-markdown": "^10.1.0",
"reconnecting-websocket": "^4.4.0",
"slugify": "^1.6.9",
@@ -101,7 +101,6 @@
"@cypress/code-coverage": "^4.0.3",
"@eslint/js": "^10.0.1",
"@istanbuljs/nyc-config-typescript": "^1.0.2",
"@rollup/plugin-replace": "^6.0.3",
"@shellygo/cypress-test-utils": "^6.0.6",
"@stylistic/eslint-plugin": "^5.10.0",
"@types/codemirror": "^5.60.17",
@@ -117,7 +116,7 @@
"@types/lodash.isequal": "^4.5.8",
"@types/lodash.throttle": "^4.1.9",
"@types/randomcolor": "^0.5.9",
"@types/react": "^19.2.14",
"@types/react": "^19.2.17",
"@types/react-aria-menubutton": "^6.2.14",
"@types/react-aria-modal": "^5.0.0",
"@types/react-collapse": "^5.0.4",
@@ -125,7 +124,7 @@
"@types/react-dom": "^19.2.3",
"@types/string-hash": "^1.1.3",
"@types/wicg-file-system-access": "^2023.10.7",
"@vitejs/plugin-react": "^5.1.4",
"@vitejs/plugin-react": "6.0",
"@vitest/coverage-v8": "^4.1.9",
"cors": "^2.8.6",
"cypress": "^15.18.0",
@@ -133,8 +132,8 @@
"eslint": "^10.6.0",
"eslint-plugin-react": "^7.37.5",
"eslint-plugin-react-hooks": "^7.1.1",
"eslint-plugin-react-refresh": "^0.5.2",
"i18next-cli": "^1.53.2",
"eslint-plugin-react-refresh": "^0.5.3",
"i18next-cli": "^1.65.0",
"istanbul": "^0.4.5",
"istanbul-lib-coverage": "^3.2.2",
"postcss": "^8.5.16",
-9
View File
@@ -1,4 +1,3 @@
import replace from "@rollup/plugin-replace";
import react from "@vitejs/plugin-react";
import { defineConfig } from "vite";
import istanbul from "vite-plugin-istanbul";
@@ -11,14 +10,6 @@ export default defineConfig(({ mode }) => ({
sourcemap: true
},
plugins: [
replace({
preventAssignment: true,
include: /\/jsonlint-lines-primitives\/lib\/jsonlint.js/,
delimiters: ["", ""],
values: {
"_token_stack:": "",
},
}),
react(),
istanbul({
cypress: true,