chore(deps): bump the dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the dependencies group with 3 updates in the / directory: Songmu/tagpr, goreleaser/goreleaser-action and aquasecurity/trivy-action.

Updates Songmu/tagpr from 1.15.0 to 1.17.0

Release notes

Sourced from Songmu/tagpr's releases.

v1.17.0

What's Changed

• Add fixedMajorVersion option for multiple major version support by @​Konboi in Songmu/tagpr#296

New Contributors

• @​Konboi made their first contribution in Songmu/tagpr#296

Full Changelog: Songmu/tagpr@v1.16.0...v1.17.0

v1.16.0

What's Changed

• docs: improve README for labels and env vars by @​tokuhirom in Songmu/tagpr#300
• Use scoped release yaml path in github releases by @​wreulicke in Songmu/tagpr#304
• fix: latestSemverTag returns empty for zero-padded calver tags by @​k1LoW in Songmu/tagpr#303
• build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 by @​dependabot[bot] in Songmu/tagpr#305
• build(deps): bump github.com/Songmu/gitconfig from 0.2.1 to 0.2.2 by @​dependabot[bot] in Songmu/tagpr#299
• Migrate gh2changelog to monorepo as local submodule by @​Copilot in Songmu/tagpr#307
• Fix: validate tagPrefix in isTagPR for monorepo isolation by @​Copilot in Songmu/tagpr#311

New Contributors

• @​tokuhirom made their first contribution in Songmu/tagpr#300
• @​Copilot made their first contribution in Songmu/tagpr#307

Full Changelog: Songmu/tagpr@v1.15.0...v1.16.0

Changelog

Sourced from Songmu/tagpr's changelog.

Changelog

v1.17.0 - 2026-02-14

• Add fixedMajorVersion option for multiple major version support by @​Konboi in Songmu/tagpr#296

v1.16.0 - 2026-02-14

• docs: improve README for labels and env vars by @​tokuhirom in Songmu/tagpr#300
• Use scoped release yaml path in github releases by @​wreulicke in Songmu/tagpr#304
• fix: latestSemverTag returns empty for zero-padded calver tags by @​k1LoW in Songmu/tagpr#303
• build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 by @​dependabot[bot] in Songmu/tagpr#305
• build(deps): bump github.com/Songmu/gitconfig from 0.2.1 to 0.2.2 by @​dependabot[bot] in Songmu/tagpr#299
• Migrate gh2changelog to monorepo as local submodule by @​Copilot in Songmu/tagpr#307
• Fix: validate tagPrefix in isTagPR for monorepo isolation by @​Copilot in Songmu/tagpr#311

v1.15.0 - 2026-02-01

• feat: allow tagpr.calendarVersioning to accept format string directly by @​k1LoW in Songmu/tagpr#295

v1.14.0 - 2026-01-29

• feat: scoped release configuration by @​wreulicke in Songmu/tagpr#291
• [fix] care nil ReleaseYAML by @​Songmu in Songmu/tagpr#293

v1.13.0 - 2026-01-29

• Add Calendar Versioning (CalVer) support by @​fujiwara in Songmu/tagpr#288
• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in Songmu/tagpr#289

v1.12.1 - 2026-01-21

• fix: pass changelog file path to gh2changelog by @​wreulicke in Songmu/tagpr#286

v1.12.0 - 2026-01-21

• feat: add changelogFile for monorepo support by @​wreulicke in Songmu/tagpr#283
• build(deps): bump actions/setup-go from 6.1.0 to 6.2.0 by @​dependabot[bot] in Songmu/tagpr#281

v1.11.1 - 2026-01-13

• fix: add check for both release.yml and release.yaml files by @​nnnkkk7 in Songmu/tagpr#275
• feat: add base_tag output for GitHub Actions by @​178inaba in Songmu/tagpr#277
• fix: scope git log to tagPrefix path in monorepo mode by @​biosugar0 in Songmu/tagpr#274

v1.11.0 - 2026-01-06

• build(deps): bump golang.org/x/oauth2 from 0.33.0 to 0.34.0 by @​dependabot[bot] in Songmu/tagpr#265
• build(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 by @​dependabot[bot] in Songmu/tagpr#266
• build(deps): bump github.com/Songmu/gitsemvers from 0.0.3 to 0.1.0 by @​dependabot[bot] in Songmu/tagpr#269
• Add tagPrefix configuration for monorepo support by @​biosugar0 in Songmu/tagpr#268
• build(deps): bump github.com/Songmu/gh2changelog from 0.3.0 to 0.4.0 by @​dependabot[bot] in Songmu/tagpr#270

v1.10.0 - 2025-12-14

• Preserve file modes by @​hekki in Songmu/tagpr#263

v1.9.2 - 2025-12-13

• config: introduce setFromGitconfig, reloadField, reloadBoolField meth… by @​12ya in Songmu/tagpr#251

... (truncated)

Commits

• da82ed6 Merge pull request #312 from Songmu/tagpr-from-v1.16.0
• 55ab9cd [tagpr] update CHANGELOG.md
• bf39ad3 [tagpr] prepare for the next release
• 9547bc3 Merge pull request #296 from Konboi/multiple-major-version
• 9af5627 Merge pull request #301 from Songmu/tagpr-from-v1.15.0
• dd30281 [tagpr] update CHANGELOG.md
• c413cd8 [tagpr] prepare for the next release
• 75a8422 Merge pull request #311 from Songmu/copilot/fix-istagpr-tagprefix-check
• 30dd298 Update tagpr_test.go
• 641e484 Update tagpr.go
• Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 6.4.0 to 7.0.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.0.0

What's Changed

• feat!: node 24, update deps, rm yarn, ESM by @​caarlos0 in goreleaser/goreleaser-action#533
• sec: pin github action versions by @​caarlos0 in goreleaser/goreleaser-action#514
• docs: Upgrade checkout GitHub Action in README.md by @​dunglas in goreleaser/goreleaser-action#507
• chore(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in goreleaser/goreleaser-action#504
• ci(deps): bump the actions group with 2 updates by @​dependabot[bot] in goreleaser/goreleaser-action#517
• ci(deps): bump the actions group with 2 updates by @​dependabot[bot] in goreleaser/goreleaser-action#523
• ci(deps): bump docker/bake-action from 6.9.0 to 6.10.0 in the actions group by @​dependabot[bot] in goreleaser/goreleaser-action#526
• ci(deps): bump the actions group across 1 directory with 4 updates by @​dependabot[bot] in goreleaser/goreleaser-action#532
• ci(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by @​dependabot[bot] in goreleaser/goreleaser-action#534
• chore(deps): bump the npm group across 1 directory with 4 updates by @​dependabot[bot] in goreleaser/goreleaser-action#536
• chore(deps): bump @​actions/http-client from 3.0.2 to 4.0.0 in the npm group by @​dependabot[bot] in goreleaser/goreleaser-action#537
• ci(deps): bump docker/setup-buildx-action from 3.10.0 to 3.12.0 in the actions group by @​dependabot[bot] in goreleaser/goreleaser-action#538
• chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group by @​dependabot[bot] in goreleaser/goreleaser-action#539

Full Changelog: goreleaser/goreleaser-action@v6...v7.0.0

Commits

• ec59f47 fix: yargs usage
• 752dede fix: gitignore
• 1881ae0 ci: update dependabot settings
• fdc5e66 chore: gitignore provenance.json
• 51b5b35 chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group (#539)
• 4247c53 ci(deps): bump docker/setup-buildx-action in the actions group (#538)
• c169bfd chore(deps): bump @​actions/http-client from 3.0.2 to 4.0.0 in the npm group (...
• 902ab4a chore(deps): bump the npm group across 1 directory with 4 updates (#536)
• c59a691 chore: gitignore
• 56cc8b2 ci: add job to automate dependabot pre-checkin/vendor
• Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.33.1 to 0.34.1

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.34.1

What's Changed

• ci(test): add zizmor security linter for GitHub Actions by @​DmitriyLewen in aquasecurity/trivy-action#502

Full Changelog: aquasecurity/trivy-action@0.34.0...0.34.1

v0.34.0

What's Changed

• ci: use setup-bats in bump-trivy workflow by @​nikpivkin in aquasecurity/trivy-action#494
• chore: update README by @​nikpivkin in aquasecurity/trivy-action#493
• ci: install trivy in bump-trivy workflow and update tests by @​nikpivkin in aquasecurity/trivy-action#495
• chore(deps): Update trivy to v0.68.1 by @​aqua-bot in aquasecurity/trivy-action#496
• ci: use checks bundle v2 in sync workflow by @​nikpivkin in aquasecurity/trivy-action#505
• chore(deps): Update trivy to v0.69.1 by @​aqua-bot in aquasecurity/trivy-action#506

Full Changelog: aquasecurity/trivy-action@0.33.1...0.34.0

Commits

• e368e32 ci(test): add zizmor security linter for GitHub Actions (#502)
• c1824fd chore(deps): Update trivy to v0.69.1 (#506)
• bc61dc5 Merge commit from fork
• 5eb7ef2 ci: use checks bundle v2 in sync workflow (#505)
• 22438a4 Merge pull request #496 from aquasecurity/bump-trivy-1765431074
• 0024b3f chore(deps): Update trivy to v0.68.1
• 83690f7 ci: install trivy in bump-trivy workflow and update tests (#495)
• df65449 chore: update README (#493)
• 0317097 ci: use setup-bats in bump-trivy workflow (#494)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Code Metrics Report

	main (4c8ca7e)	#65 (2b3785a)	+/-
Coverage	6.1%	6.1%	0.0%
Code to Test Ratio	1:0.1	1:0.1	0.0
Test Execution Time	10s	10s	0s

Details

  |                     | main (4c8ca7e) | #65 (2b3785a) | +/-  |
  |---------------------|----------------|---------------|------|
  | Coverage            |           6.1% |          6.1% | 0.0% |
  |   Files             |             10 |            10 |    0 |
  |   Lines             |            408 |           408 |    0 |
  |   Covered           |             25 |            25 |    0 |
  | Code to Test Ratio  |          1:0.1 |         1:0.1 |  0.0 |
  |   Code              |            945 |           945 |    0 |
  |   Test              |            104 |           104 |    0 |
  | Test Execution Time |            10s |           10s |   0s |

---

Reported by octocov