🌱 Bump the gomod group across 1 directory with 4 updates

[dependabot]

Bumps the gomod group with 4 updates in the / directory: github.com/rhysd/actionlint, github.com/onsi/ginkgo/v2, github.com/onsi/gomega and gocloud.dev.

Updates github.com/rhysd/actionlint from 1.7.8 to 1.7.9

Release notes

Sourced from github.com/rhysd/actionlint's releases.

v1.7.9

• Add support for ubuntu-slim runner label. (#585, thanks @​cestorer)
• Check input deprecation in action by checking deprecationMessage property. Using a deprecated input is reported as error if it is not marked as required. See the document for more details. (#580)

  - uses: reviewdog/action-actionlint@v1
    with:
      # ERROR: Using a deprecated input
      fail_on_error: true

• Add support for the Custom images feature.
  • Support image_version workflow trigger.

    on:
      image_version:
        names:
          - "MyNewImage"
          - "MyOtherImage"
        versions:
          - 1.*
          - 2.*

  • Support jobs.<job_id>.snapshot syntax. To make actionlint recognize your own image generation runner, use self-hosted-runner.labels config.

    jobs:
      build:
        runs-on: my-image-generation-runner
        snapshot:
            image-name: my-custom-image
            version: 2.*

• Report constant conditions at if: like if: true as error. Only very simple expressions like true or false are detected for now. See the document for more details.
• Check unexpected keys in inputs in action metadata.

  inputs:
    some_input:
      # Error: `type` is not supported for inputs in action metadata
      type: boolean

• Fix some invalid permissions are not reported as error in id-token and models scopes. (#582, thanks @​holtkampjs)
• Fix args and entrypoint inputs are not recognized at uses: when it's not a Docker action. (#550)
• Set correct column in source position of YAML parse error.
• Fix credentials cannot be configured with ${{ }}. (#590)
• Improve messages in syntax errors on parsing steps (run: and uses:). Available keys suggestion is now more accurate and unexpected keys are detected more accurately.
• Fix the order of errors can be non-deterministic when multiple errors are caused at the same source positions.
• Improve error messages showing suggestions on detecting invalid permissions.
• Add instruction for installing actionlint with mise package manager. (#589, thanks @​jylenhof)
• Fix outdated URLs in the document.
• Add new actionlint.AllContexts map constant in Go API that contains the information about all context availability.
• Update popular actions data set to the latest with several major versions of actions and the following new actions.
  • anthropics/claude-code-action

... (truncated)

Changelog

Sourced from github.com/rhysd/actionlint's changelog.

v1.7.9 - 2025-11-21

• Add support for ubuntu-slim runner label. (#585, thanks @​cestorer)
• Check input deprecation in action by checking deprecationMessage property. Using a deprecated input is reported as error if it is not marked as required. See the document for more details. (#580)

  - uses: reviewdog/action-actionlint@v1
    with:
      # ERROR: Using a deprecated input
      fail_on_error: true

• Add support for the Custom images feature.
  • Support image_version workflow trigger.

    on:
      image_version:
        names:
          - "MyNewImage"
          - "MyOtherImage"
        versions:
          - 1.*
          - 2.*

  • Support jobs.<job_id>.snapshot syntax. To make actionlint recognize your own image generation runner, use self-hosted-runner.labels config.

    jobs:
      build:
        runs-on: my-image-generation-runner
        snapshot:
            image-name: my-custom-image
            version: 2.*

• Report constant conditions at if: like if: true as error. Only very simple expressions like true or false are detected for now. See the document for more details.
• Check unexpected keys in inputs in action metadata.

  inputs:
    some_input:
      # Error: `type` is not supported for inputs in action metadata
      type: boolean

• Fix some invalid permissions are not reported as error in id-token and models scopes. (#582, thanks @​holtkampjs)
• Fix args and entrypoint inputs are not recognized at uses: when it's not a Docker action. (#550)
• Set correct column in source position of YAML parse error.
• Fix credentials cannot be configured with ${{ }}. (#590)
• Improve messages in syntax errors on parsing steps (run: and uses:). Available keys suggestion is now more accurate and unexpected keys are detected more accurately.
• Fix the order of errors can be non-deterministic when multiple errors are caused at the same source positions.
• Improve error messages showing suggestions on detecting invalid permissions.
• Add instruction for installing actionlint with mise package manager. (#589, thanks @​jylenhof)
• Fix outdated URLs in the document.
• Add new actionlint.AllContexts map constant in Go API that contains the information about all context availability.
• Update popular actions data set to the latest with several major versions of actions and the following new actions.

... (truncated)

Commits

• a443f34 bump up version to v1.7.9
• c48cd05 fix deprecated GoReleaser config
• a03892f update the popular actions data set for actions/checkout@v6
• c85ea65 make installing formula version of actionlint error
• eb4d397 update playground npm dependencies
• baee0a7 fix webhook generation script
• 56ecc8c add anthropics/claude-code-action, openai/codex-action, `google-github-ac...
• 5ed2da8 add more tests for parsing and checking container and services
• dbcf56f report image is missing in container
• e4ba27e fix credentials cannot be initialized with ${{ }} (fix #590)
• Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.27.2 to 2.27.3

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.27.3

2.27.3

Fixes

report exit result in case of failure [1c9f356] fix data race [ece19c8]

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.27.3

Fixes

report exit result in case of failure [1c9f356] fix data race [ece19c8]

Commits

• f331739 v2.27.3
• 1c9f356 ginkgo: report exit result in case of failure
• ece19c8 ginkgo: fix data race
• See full diff in compare view

Updates github.com/onsi/gomega from 1.38.2 to 1.38.3

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.38.3

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

Commits

• a3ca2ca v1.38.3
• 4dada36 fix failing have http tests
• d40c691 make string formatitng more consistent for users who use format.Object directly
• 2a37b46 doc: fix typos
• ee26170 docs: fix HaveValue example
• cc85c05 Bump actions/setup-go from 5 to 6 (#866)
• 8905788 Bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 (#865)
• 67552c5 chore: apply fixes from Go modernize command
• See full diff in compare view

Updates gocloud.dev from 0.43.0 to 0.44.0

Release notes

Sourced from gocloud.dev's releases.

v0.44.0

What's Changed

• all: remove docstore/awsdynamodb v1 and other vestiges of awsv1 by @​vangent in google/go-cloud#3605

blob

• blob: add ListIterator.All, a Go 1.23 iterator by @​vangent in google/go-cloud#3608
• blob/gcsblob: allow providing a storage.Client directly (e.g., to use a gRPC-based client) by @​vangent in google/go-cloud#3616
• blob/s3blob: make it possible to configure the default integrity protection by @​stanhu in google/go-cloud#3634
• blob/azureblob: improve error handling by @​SoMuchForSubtlety in google/go-cloud#3636
• blob/azureblob: handle more precondition errors by @​SoMuchForSubtlety in google/go-cloud#3637

pubsub

• pubsub/gcppubsubv2: Add a new pubsub driver using GCP's v2 library. by @​vangent in google/go-cloud#3622

docstore

• docstore/memdocstore: add support for atomic writes by @​sandeepvinayak in google/go-cloud#3606

mysql

• mysql/awsmysql: support IAM authenticate with AssumeRole by @​giautm in google/go-cloud#3623
• mysql/awsmysql: allow refreshing the IAM token when it is expired by @​giautm in google/go-cloud#3625
• mysql/awsmysql: use otelsql.OpenDB() to wrap the connector by @​giautm in google/go-cloud#3626
• mysql/awsmysql: allow injecting HTTP client by @​giautm in google/go-cloud#3628
• mysql/awsmysql: pass TLS directly to the config by @​giautm in google/go-cloud#3627
• mysql/gcpmysql: use otelsql.OpenDB() to wrap the connector by @​giautm in google/go-cloud#3630
• mysql: use otelsql.OpenDB() to wrap the connector by @​giautm in google/go-cloud#3631
• mysql/azuremysql: use otelsql.OpenDB() to wrap the connector by @​giautm in google/go-cloud#3629
• mysql/gcpmysql: pass DialFunc directly to MySQL config by @​giautm in google/go-cloud#3632
• mysql/azuremysql: pass TLS directly to MySQL config by @​giautm in google/go-cloud#3633

New Contributors

• @​wadgamaraldeen made their first contribution in google/go-cloud#3620
• @​SoMuchForSubtlety made their first contribution in google/go-cloud#3635

Full Changelog: google/go-cloud@v0.43.0...v0.44.0

Commits

• a52bb66 all: prep for release (#3641)
• 771a4a7 blob/azureblob: handle more precondition errors (#3637)
• dfa0635 blob/azureblob: refactor error handling and add test recording (#3636)
• f1d2dbc blob/s3blob: make it possible to configure the default integrity protection (...
• eff724a blob/azureblob: handle precondition error for BlobExists (#3635)
• 7553548 mysql/azuremysql: pass TLS directly to MySQL config (#3633)
• 8badd8f mysql/gcpmysql: pass DialFunc directly to MySQL config (#3632)
• 5590aca mysql/azuremysql: use otelsql.OpenDB to wrap the connector (#3629)
• 0efbc16 mysql: use otelsql.OpenDB to wrap the connector (#3631)
• bc60307 mysql/gcpmysql: use otelsql.OpenDB to wrap the connector (#3630)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[netlify]

✅ Deploy Preview for ossf-scorecard canceled.

Name	Link
🔨 Latest commit	8cd362f
🔍 Latest deploy log	https://app.netlify.com/projects/ossf-scorecard/deploys/693712f58b504a00084c6fd0