Skip to content

chore(deps): update dependency actionlint_linux_arm64 to v1.7.11#500

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/actionlint_linux_arm64-1.x
Open

chore(deps): update dependency actionlint_linux_arm64 to v1.7.11#500
renovate[bot] wants to merge 1 commit intomainfrom
renovate/actionlint_linux_arm64-1.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 2, 2025
edited
Loading

This PR contains the following updates:

Package Type Update New value References Sourcegraph
actionlint_linux_arm64 http_archive patch v1.7.11 source code search for "actionlint_linux_arm64"

Test plan: CI should pass with updated dependencies. No review required: this is an automated dependency update PR.

Release Notes

rhysd/actionlint (actionlint_linux_arm64)

v1.7.11

Compare Source

  • Support the case() function in ${{ }} expressions which was recently added to GitHub Actions. (#​612, #​614, thanks @​heppu) 
    env:
  # ERROR: case() requires an odd number of arguments
  ENVIRONMENT: |-
    ${{ case(
      github.ref == 'refs/heads/main', 'production',
      github.ref == 'refs/heads/staging', 'staging'
    ) }}
  • Support new macos-26-large and windows-2025-vs2026 runner labels. See the GitHub's announce for more details. (#​615, thanks @​hugovk and @​muzimuzhi)
  • Enable Artifact attestations for the released binaries. From v1.7.11 gh command can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (#​608, thanks @​takaram) 
    $ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11
$ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz
Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz
Loaded 1 attestation from GitHub API

The following policy criteria will be enforced:
- Predicate type must match:................ https://slsa.dev/provenance/v1
- Source Repository Owner URI must match:... https://github.com/rhysd
- Source Repository URI must match:......... https://github.com/rhysd/actionlint
- Subject Alternative Name must match regex: (?i)^https://github.com/rhysd/actionlint/
- OIDC Issuer must match:................... https://token.actions.githubusercontent.com

✓ Verification succeeded!

The following 1 attestation matched the policy criteria

- Attestation #​1
  - Build repo:..... rhysd/actionlint
  - Build workflow:. .github/workflows/release.yaml@refs/tags/v1.7.11
  - Signer repo:.... rhysd/actionlint
  - Signer workflow: .github/workflows/release.yaml@refs/tags/v1.7.11
  • Report path filters with ./ because they never match anything. (#​521) 
    on:
  push:
    paths:
      # ERROR: This never matches anything. `foo/bar.txt` is correct.
      - ./foo/bar.txt
  • Fix comparing matrix items when an item is a super set of another item. (#​523, #​613, thanks @​michaelgruenewald)
  • Fix stack overflow crash by a recursive anchor in matrix items. (#​610)
  • Fix a unassigned variable false positive from shellcheck by disabling SC2153 rule. (#​573)
  • Reduce the number of memory allocations on resolving anchors.
  • Update the popular actions data set to the latest.
  • Update Go dependencies to the latest.
  • Remove legacy Homebrew formula in rhysd/actionlint repository in favor of the cask package. Note that this change does not affect Homebrew's official formula.
  • Add a link to the release page of the version in the playground.

[Changes][v1.7.11]

v1.7.10

Compare Source

  • Support YAML anchors and aliases (&anchor and *anchor) in workflow files. In addition to parsing YAML anchors correctly, actionlint checks unused and undefined anchors. See the document for more details. (#​133, thanks @​srz-zumix for the initial implementation at #​568 and @​alexaandru for trying another approach at #​557) 
    jobs:
  test:
    runs-on: ubuntu-latest
    services:
      nginx:
        image: nginx:latest
        credentials: &credentials
          username: ${{ secrets.user }}
          password: ${{ secrets.password }}
    steps:
      - run: ./download.sh
        # OK: Valid alias to &credentials
        env: *credentials
      - run: ./check.sh
        # ERROR: Undefined anchor 'credential'
        env: *credential
      - run: ./upload.sh
        # ERROR: Unused anchor 'credentials'
        env: &credentials
  • Remove support for *-xl macOS runner labels because they were dropped. (#​592, thanks @​muzimuzhi)
  • Remove support for the macOS 13 runner labels because they were dropped on Dec 4, 2025. (#​593, thanks @​muzimuzhi)
    • macos-13
    • macos-13-large
    • macos-13-xlarge
  • Increase the maximum number of inputs in the workflow_dispatch event from 10 to 25 because the limitation was recently relaxed. (#​598, thanks @​Haegi)
  • Support artifact-metadata permission for workflow permissions. (#​602, thanks @​martincostello)
  • Detect more complicated constants at if: conditions as error. See the rule document for more details.
  • Refactor the workflow parser with Go iterators. This slightly improves the performance and memory usage.
  • Fix parsing extra { and } characters in format string of format() function call. For example v1.7.9 didn't parse "{{0} {1} {2}}" correctly.
  • Detect an invalid value at type in workflow call inputs as error.
  • Report YAML merge key << as error because GitHub Actions doesn't support the syntax.
  • Check available contexts in expressions at jobs.<job_id>.snapshot.if. 
    snapshot:
  image-name: my-custom-image
  # ERROR: `env` context is not allowed here
  if: ${{ env.USE_SNAPSHOT == 'true' }}
  • Fix the instruction to install actionlint with mise in the installation document. (#​591, thanks @​risu729)
  • Update the popular actions data set to the latest to include new major versions of the actions.

[Changes][v1.7.10]

v1.7.9

Compare Source

  • Add support for ubuntu-slim runner label. (#​585, thanks @​cestorer)
  • Check input deprecation in action by checking deprecationMessage property. Using a deprecated input is reported as error if it is not marked as required. See the document for more details. (#​580) 
    - uses: reviewdog/action-actionlint@v1
  with:
    # ERROR: Using a deprecated input
    fail_on_error: true
  • Add support for the Custom images feature.
  • Fix some invalid permissions are not reported as error in id-token and models scopes. (#​582, thanks @​holtkampjs)
  • Fix args and entrypoint inputs are not recognized at uses: when it's not a Docker action. (#​550)
  • Set correct column in source position of YAML parse error.
  • Fix credentials cannot be configured with ${{ }}. (#​590)
  • Improve messages in syntax errors on parsing steps (run: and uses:). Available keys suggestion is now more accurate and unexpected keys are detected more accurately.
  • Fix the order of errors can be non-deterministic when multiple errors are caused at the same source positions.
  • Improve error messages showing suggestions on detecting invalid permissions.
  • Add instruction for installing actionlint with mise package manager. (#​589, thanks @​jylenhof)
  • Fix outdated URLs in the document.
  • Add new actionlint.AllContexts map constant in Go API that contains the information about all context availability.
  • Update popular actions data set to the latest with several major versions of actions and the following new actions.
    • anthropics/claude-code-action
    • openai/codex-action
    • google-github-actions/run-gemini-cli
  • Add make cov task to easily generate a code coverage report.
  • Make installing the formula version of actionlint pacakge from tap of this repository with Homebrew a hard error. Install the cask version instead following the instruction in the error message.

[Changes][v1.7.9]

v1.7.8

Compare Source

[Changes][v1.7.8]

Configuration

📅 Schedule: Branch creation - "on the 1st through 7th day of the month" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the bot label Nov 2, 2025
@renovate renovate bot changed the title chore(deps): update dependency actionlint_linux_arm64 to v1.7.8 chore(deps): update dependency actionlint_linux_arm64 to v1.7.9 Nov 22, 2025
@renovate renovate bot force-pushed the renovate/actionlint_linux_arm64-1.x branch from 9b47ee2 to 160b388 Compare November 22, 2025 11:56
@renovate renovate bot changed the title chore(deps): update dependency actionlint_linux_arm64 to v1.7.9 chore(deps): update dependency actionlint_linux_arm64 to v1.7.10 Dec 30, 2025
@renovate renovate bot force-pushed the renovate/actionlint_linux_arm64-1.x branch from 160b388 to ef2ec9f Compare December 30, 2025 16:38
@renovate renovate bot force-pushed the renovate/actionlint_linux_arm64-1.x branch from ef2ec9f to c908f1d Compare February 4, 2026 00:00
@renovate renovate bot changed the title chore(deps): update dependency actionlint_linux_arm64 to v1.7.10 chore(deps): update dependency actionlint_linux_arm64 to v1.7.11 Feb 15, 2026
@renovate renovate bot force-pushed the renovate/actionlint_linux_arm64-1.x branch from c908f1d to a4872bd Compare February 15, 2026 11:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants