Sourced from fsfe/reuse-action's releases.

v6.0.0

• Bump to v6 #(43)

• 676e2d5 Bump to reuse v6
• See full diff in compare view

Sourced from oxsecurity/megalinter's releases.

v9.1.0

What's Changed

• New linters

  • Add Robocop linter, by @​bdovaz in oxsecurity/megalinter#6232

• Linters enhancements

  • Python Linting: Added more file type supports for various linters. Full description here

• Doc

  • Add OLLAMA_BASE_URL is MegaLinter config Json schema

• Flavors

  • Custom flavors: Add workflow to automate detection of new MegaLinter versions and generation of new Custom Flavor

• CI

  • Fix v9 release issue + mark hardcoded versions to upgrade at each new major release.

• Linter versions upgrades (22)

  • ansible-lint from 25.9.0 to 25.9.1
  • bicep_linter from 0.37.4 to 0.38.33
  • cfn-lint from 1.39.1 to 1.40.0
  • checkstyle from 11.0.1 to 11.1.0
  • clj-kondo from 2025.09.19 to 2025.09.22
  • golangci-lint from 2.4.0 to 2.5.0
  • hadolint from 2.13.1 to 2.14.0
  • isort from 6.0.1 to 6.1.0
  • kics from 2.1.13 to 2.1.14
  • npm-groovy-lint from 15.2.1 to 15.2.2
  • php-cs-fixer from 3.87.2 to 3.88.2
  • phpstan from 2.1.28 to 2.1.30
  • pylint from 3.3.8 to 3.3.9
  • pyright from 1.1.405 to 1.1.406
  • robocop from 6.7.0 to 6.7.2
  • rubocop from 1.80.2 to 1.81.1
  • ruff-format from 0.13.1 to 0.13.3
  • ruff from 0.13.1 to 0.13.3
  • snakemake from 9.11.4 to 9.11.9
  • terraform-fmt from 1.13.2 to 1.13.3
  • terragrunt from 0.87.2 to 0.88.1
  • trivy from 0.66.0 to 0.67.0

• chore(deps): update alpine/terragrunt docker tag to v1.13.3 by @​renovate[bot] in oxsecurity/megalinter#6201
• chore(deps): update dependency @​salesforce/cli to v2.106.6 by @​renovate[bot] in oxsecurity/megalinter#6199
• chore(deps): update dependency fastapi to v0.117.1 by @​renovate[bot] in oxsecurity/megalinter#6195
• chore(deps): update dependency @​salesforce/plugin-packaging to v2.20.4 by @​renovate[bot] in oxsecurity/megalinter#6198
• chore(deps): update dependency sfdx-hardis to v6.5.2 by @​renovate[bot] in oxsecurity/megalinter#6202

... (truncated)

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

• Core

• New linters

• Disabled linters

• Removed linters

• Media

• Linters enhancements

• Fixes

• Reporters

• Doc

• Flavors

• CI

• mega-linter-runner

• Linter versions upgrades (N)

  • checkstyle from 11.1.0 to 12.0.0 on 2025-10-09
  • scalafix from 0.14.3 to 0.14.4 on 2025-10-09
  • xmllint from 21308 to 21309 on 2025-10-09
  • ansible-lint from 25.9.1 to 25.9.2 on 2025-10-12
  • cfn-lint from 1.40.0 to 1.40.1 on 2025-10-12
  • checkstyle from 12.0.0 to 12.0.1 on 2025-10-12
  • trivy-sbom from 0.67.0 to 0.67.2 on 2025-10-12
  • trivy from 0.67.0 to 0.67.2 on 2025-10-12
  • snakemake from 9.11.9 to 9.13.2 on 2025-10-12
  • terragrunt from 0.88.1 to 0.90.0 on 2025-10-12

[v9.1.0] - 2025-10-07

• New linters

... (truncated)

• 62c799d Release MegaLinter v9.1.0
• 6158659 [automation] Auto-update linters version, help and documentation (#6299)
• 013588a chore(deps): update dependency lightning-flow-scanner to v5.6.2 (#6301)
• ee69172 chore(deps): update dependency isort to v6.1.0 (#6300)
• 49e1637 chore(deps): update dependency eslint-plugin-jsonc to v2.21.0 (#6298)
• 1db8d0f chore(deps): update dependency eslint to v9.37.0 (#6297)
• f26af91 [automation] Auto-update linters version, help and documentation (#6296)
• 9786a83 chore(deps): update dependency cfn-lint to v1.40.0 (#6295)
• 69457fc chore(deps): update dependency azure/bicep to v0.38.33 (#6294)
• 4ae0e6f chore(deps): update dependency npm-groovy-lint to v15.2.2 (#6293)
• Additional commits viewable in compare view

Sourced from github/codeql-action's releases.

v4.30.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.8 - 10 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.30.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.7 - 06 Oct 2025

• [v4+ only] The CodeQL Action now runs on Node.js v24. #3169

See the full CHANGELOG.md for more information.

v3.30.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.8 - 10 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.7 - 06 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.30.8 - 10 Oct 2025

No user facing changes.

4.30.7 - 06 Oct 2025

• [v4+ only] The CodeQL Action now runs on Node.js v24. #3169

3.30.6 - 02 Oct 2025

• Update default CodeQL bundle version to 2.23.2. #3168

3.30.5 - 26 Sep 2025

• We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

3.30.4 - 25 Sep 2025

• We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100
• We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
• You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
• Update default CodeQL bundle version to 2.23.1. #3118

3.30.3 - 10 Sep 2025

No user facing changes.

3.30.2 - 09 Sep 2025

• Fixed a bug which could cause language autodetection to fail. #3084
• Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064

3.30.1 - 05 Sep 2025

• Update default CodeQL bundle version to 2.23.0. #3077

3.30.0 - 01 Sep 2025

• Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #3054

3.29.11 - 21 Aug 2025

... (truncated)

• f443b60 Merge pull request #3198 from github/update-v4.30.8-527f0f324
• 7a2cb62 Update changelog for v4.30.8
• 527f0f3 Merge pull request #3195 from github/dependabot/npm_and_yarn/npm-minor-37415c...
• f402506 Merge pull request #3196 from github/dependabot/github_actions/dot-github/wor...
• f5e53f9 Merge pull request #3197 from github/dependabot/github_actions/dot-github/wor...
• 4e90a42 Merge pull request #3193 from github/mbg/ff/tools-toolcache
• 413a4a4 Rebuild
• 4521864 Bump github/codeql-action from 3 to 4 in /.github/workflows
• eadf14b Bump ruby/setup-ruby
• e1257b6 Rebuild
• Additional commits viewable in compare view

Sourced from mikefarah/yq's releases.

v4.48.1 - First and Parents Operators

• Added 'parents' operator, to return a list of all the hierarchical parents of a node
• Added 'first(exp)' operator, to return the first entry matching an expression in an array
• Fixed xml namespace prefixes #1730 (thanks @​baodrate)
• Fixed out of range panic in yaml decoder #2460 (thanks @​n471d)
• Bumped dependencies

Sourced from mikefarah/yq's changelog.

4.48.1:

• Added 'parents' operator, to return a list of all the hierarchical parents of a node
• Added 'first(exp)' operator, to return the first entry matching an expression in an array
• Fixed xml namespace prefixes #1730 (thanks @​baodrate)
• Fixed out of range panic in yaml decoder #2460 (thanks @​n471d)
• Bumped dependencies

4.47.2:

• Conversion from TOML to JSON no longer omits empty tables #2459 (thanks @​louislouislouislouis)
• Bumped dependencies

4.47.1:

• Fixed merge anchor behaviour (<<); #2404, #2110, #2386, #2178 Huge thanks to @​stevenwdv! Note that you will need to set --yaml-fix-merge-anchor-to-spec to see the fixes
• Fixed panic for syntax error when creating a map #2423
• Bumped dependencies

4.46.1:

• Added INI support
• Fixed 'add' operator when piped in with no data #2378, #2383, #2384
• Fixed delete after slice problem (bad node path) #2387 Thanks @​antoinedeschenes
• Fixed yq small build Thanks @​imzue
• Switched to YAML org supported go-yaml!
• Bumped dependencies

4.45.4:

• Fixing wrong map() behaviour on empty map #2359
• Bumped dependencies

4.45.3:

• Fixing regression introduced with in 4.45.2 with #2325 fix 😓 sorry folks!
• Bumped dependencies

4.45.2:

• Added windows arm builds (Thanks @​albertocavalcante, @​ShukantPal)
• Added s390x platform support (Thanks @​ashokpariya0)
• Additionally push docker images to ghcr.io (Thanks @​reegnz)
• Fixing add when there is no node match #2325
• sort_by works on maps
• Bumped dependencies

4.45.1:

• Create parent directories when --split-exp is used, Thanks @​rudo-thomas
• Bumped dependencies

4.44.6:

• Fixed deleting items in array bug #2027, #2172; Thanks @​jandubois
• Docker image for armv7 / raspberry pi3, Thanks @​brianegge
• Fixed no-colors regression #2218

... (truncated)

• 0ecdce2 Bumping version
• 01ac615 Updating contrib
• 6629924 Bump github.com/alecthomas/repr from 0.5.1 to 0.5.2
• 3869354 Bump golang from 1.25.0 to 1.25.2
• d5dd338 Bump github/codeql-action from 3 to 4
• 201542b Bump golang.org/x/net from 0.43.0 to 0.46.0
• f353885 fix: keep xml namespace prefixes for tags
• df92dec chore: add xml namespace prefix test cases
• 23060cb Improving first op docs
• 4532346 Adding first operator
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions