Skip to content

chore(deps): bump the github-actions group with 2 updates#108

Merged
WilliamBerryiii merged 1 commit intomainfrom
dependabot/github_actions/github-actions-12f3bbd7e6
Dec 2, 2025
Merged

chore(deps): bump the github-actions group with 2 updates#108
WilliamBerryiii merged 1 commit intomainfrom
dependabot/github_actions/github-actions-12f3bbd7e6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Dec 1, 2025
edited
Loading

Bumps the github-actions group with 2 updates: googleapis/release-please-action and actions/setup-node.

Updates googleapis/release-please-action from 4.1.3 to 4.4.0

Release notes

Sourced from googleapis/release-please-action's releases.

v4.4.0

4.4.0 (2025-10-09)

Features

  • add ability to select versioning-strategy and release-as (#1121) (ee0f5ba)

Bug Fixes

  • changelog-host parameter ignored when using manifest configuration (#1151) (535c413)
  • bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 directory (#1149) (3612a99)
  • bump release-please from 17.1.2 to 17.1.3 (#1158) (66fbfe9)

v4.3.0

4.3.0 (2025-08-20)

Features

  • deps: update release-please to 17.1.2 (f07192c)

v4.2.0

4.2.0 (2025-03-07)

Features

  • support for skip-labeling parameter for GitHub action (#1066) (fb7f385)

v4.1.5

4.1.5 (2025-02-27)

Bug Fixes

v4.1.4

4.1.4 (2024-10-02)

Bug Fixes

  • bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group (#1015) (5ec1cbd)
  • bump release-please from 16.12.0 to 16.13.0 (#1030) (caa0464)
  • bump release-please from 16.13.0 to 16.14.0 (#1032) (b2a986c)
  • deps: update release-please to 16.14.1 (#1036) (2942e51)
Changelog

Sourced from googleapis/release-please-action's changelog.

Changelog

4.4.0 (2025-10-09)

Features

  • add ability to select versioning-strategy and release-as (#1121) (ee0f5ba)

Bug Fixes

  • changelog-host parameter ignored when using manifest configuration (#1151) (535c413)
  • bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 directory (#1149) (3612a99)
  • bump release-please from 17.1.2 to 17.1.3 (#1158) (66fbfe9)

4.3.0 (2025-08-20)

Features

  • deps: update release-please to 17.1.2 (f07192c)

4.2.0 (2025-03-07)

Features

  • support for skip-labeling parameter for GitHub action (#1066) (fb7f385)

4.1.5 (2025-02-27)

Bug Fixes

4.1.4 (2024-10-02)

Bug Fixes

  • bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group (#1015) (5ec1cbd)
  • bump release-please from 16.12.0 to 16.13.0 (#1030) (caa0464)
  • bump release-please from 16.13.0 to 16.14.0 (#1032) (b2a986c)
  • deps: update release-please to 16.14.1 (#1036) (2942e51)

4.1.3 (2024-06-10)

... (truncated)

Commits
  • 16a9c90 chore(main): release 4.4.0 (#1156)
  • e5c2aa4 chore: build dist (#1159)
  • 66fbfe9 fix: bump release-please from 17.1.2 to 17.1.3 (#1158)
  • 4cd397a chore: build dist (#1152)
  • ee0f5ba feat: add ability to select versioning-strategy and release-as (#1121)
  • 535c413 fix: changelog-host parameter ignored when using manifest configuration (#1...
  • 3612a99 fix: bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 dire...
  • 15209c4 chore: verify body contents when running tests (#1148)
  • bf90349 docs: Add body to Outputs (#1129)
  • 1cfb21c docs: adds missing github action permissions to README (#1108)
  • Additional commits viewable in compare view

Updates actions/setup-node from 633bb92bc0aabcae06e8ea93b85aecddd374c402 to b9b25d45f70a5d94d88496aa4896bf9ed8f49b67

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Dec 1, 2025

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested a review from a team as a code owner December 1, 2025 06:11
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Dec 1, 2025
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/setup-node b9b25d45f70a5d94d88496aa4896bf9ed8f49b67 🟢 5.8
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 9binaries present in source code
Maintained🟢 79 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 1branch protection is not maximal on development and all release branches
Vulnerabilities🟢 64 existing vulnerabilities detected
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9

Scanned Files

  • .github/workflows/table-format.yml

@WilliamBerryiii
Copy link
Copy Markdown
Member

WilliamBerryiii commented Dec 2, 2025

@dependabot rebase

@dependabot
chore(deps): bump the github-actions group with 2 updates
a58a13f 
Bumps the github-actions group with 2 updates: [googleapis/release-please-action](https://github.com/googleapis/release-please-action) and [actions/setup-node](https://github.com/actions/setup-node).


Updates `googleapis/release-please-action` from 4.1.3 to 4.4.0
- [Release notes](https://github.com/googleapis/release-please-action/releases)
- [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md)
- [Commits](googleapis/release-please-action@7987652...16a9c90)

Updates `actions/setup-node` from 633bb92bc0aabcae06e8ea93b85aecddd374c402 to b9b25d45f70a5d94d88496aa4896bf9ed8f49b67
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@633bb92...b9b25d4)

---
updated-dependencies:
- dependency-name: googleapis/release-please-action
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-version: b9b25d45f70a5d94d88496aa4896bf9ed8f49b67
  dependency-type: direct:production
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-12f3bbd7e6 branch from c561c21 to a58a13f Compare December 2, 2025 01:02
@WilliamBerryiii WilliamBerryiii merged commit 3e56313 into main Dec 2, 2025
11 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/github-actions-12f3bbd7e6 branch December 2, 2025 21:17
This was referenced Jan 13, 2026
Closed
Closed
Closed
Closed
Closed
Merged
WilliamBerryiii pushed a commit that referenced this pull request Jan 19, 2026
@hve-core-release-please
chore(main): release hve-core 1.1.0 (#211)
8de3acf 
🤖 I have created a release *beep* *boop*
---


##
[1.1.0](hve-core-v1.0.0...hve-core-v1.1.0)
(2026-01-19)


### ✨ Features

* **.devcontainer:** add development container configuration
([#24](#24))
([45debf5](45debf5))
* **.github:** add github metadata and mcp configuration
([#23](#23))
([1cb898d](1cb898d))
* **agent:** Add automated installation via hve-core-installer agent
([#82](#82))
([a2716d5](a2716d5))
* **agents:** add brd-builder.agent.md for building BRDs
([#122](#122))
([bfdc9f3](bfdc9f3))
* **agents:** redesign installer with Codespaces support and method
documentation ([#123](#123))
([6329fc0](6329fc0))
* **ai:** Establish AI-Assisted Development Framework
([#48](#48))
([f5199a4](f5199a4))
* **build:** implement automated release management with release-please
([#86](#86))
([90150e2](90150e2))
* **chatmodes:** add architecture diagram builder agent
([#145](#145))
([db24637](db24637))
* **config:** add development tools configuration files
([#19](#19))
([9f97522](9f97522))
* **config:** add npm package configuration and dependencies
([#20](#20))
([fcba198](fcba198))
* **copilot:** add GitHub Copilot instruction files
([#22](#22))
([4927284](4927284))
* **copilot:** add specialized chat modes for development workflows
([#21](#21))
([ae8495f](ae8495f))
* **docs:** add comprehensive AI artifact contribution documentation
([#76](#76))
([d81cf96](d81cf96))
* **docs:** add getting started guide for project configuration
([#57](#57))
([3b864fa](3b864fa))
* **docs:** add repository foundation and documentation files
([#18](#18))
([ad7efb6](ad7efb6)),
closes [#2](#2)
* **docs:** add RPI workflow documentation and restructure docs folder
([#102](#102))
([c3af708](c3af708))
* **extension:** hve core vs code extension
([#149](#149))
([041a1fd](041a1fd))
* **extension:** implement pre-release versioning with agent maturity
filtering ([#179](#179))
([fb38233](fb38233))
* **instructions:** add authoring standards for prompt engineering
artifacts ([#177](#177))
([5de3af9](5de3af9))
* **instructions:** add extension quick install and enhance installer
agent ([#176](#176))
([48e3d58](48e3d58))
* **instructions:** add VS Code variant prompt and gitignore
recommendation to installer
([#185](#185))
([b400493](b400493))
* **instructions:** add writing style guide for markdown content
([#151](#151))
([02df6a8](02df6a8))
* **instructions:** consolidate C# guidelines and update prompt agent
fields ([#158](#158))
([65342d4](65342d4))
* **instructions:** provide guidance on using safe commands to reduce
interactive prompting
([#117](#117))
([1268580](1268580))
* **linting:** add linting and validation scripts
([#26](#26))
([66be136](66be136))
* **prompt-builder:** enhance prompt engineering instructions and
validation protocols
([#155](#155))
([bc5004f](bc5004f))
* **prompts:** add ADR placement planning and update template paths
([#69](#69))
([380885f](380885f))
* **prompts:** add git workflow prompts from edge-ai
([#84](#84))
([56d66b6](56d66b6))
* **prompts:** add github-add-issue prompt and github-issue-manager
chatmode with delegation pattern
([#55](#55))
([d0e1789](d0e1789))
* **prompts:** add PR template discovery and integration to pull-request
prompt ([#141](#141))
([b8a4c7a](b8a4c7a))
* **prompts:** add task research initiation prompt and rpi
agent([#124](#124))
([5113e3b](5113e3b))
* **release:** implement release management strategy
([#161](#161))
([6164c3b](6164c3b))
* Risk Register Prompt
([#146](#146))
([843982c](843982c))
* **scripts:** enhanced JSON Schema validation for markdown frontmatter
([#59](#59))
([aba152c](aba152c))
* **security:** add checksum validation infrastructure
([#106](#106))
([07528fb](07528fb))
* **security:** add security scanning scripts
([#25](#25))
([82de5a1](82de5a1))
* **workflows:** add CodeQL security analysis to PR validation
([#132](#132))
([e5b6e8f](e5b6e8f))
* **workflows:** add orchestration workflows and documentation
([#29](#29))
([de442e0](de442e0))
* **workflows:** add security reusable workflows
([#28](#28))
([2c74399](2c74399))
* **workflows:** add validation reusable workflows
([#27](#27))
([f52352d](f52352d))


### 🐛 Bug Fixes

* **build:** add token parameter to release-please action
([#166](#166))
([c9189ec](c9189ec))
* **build:** disable MD012 lint rule in CHANGELOG for release-please
compatibility ([#173](#173))
([54502d8](54502d8)),
closes [#172](#172)
* **build:** pin npm commands for OpenSSF Scorecard compliance
([#181](#181))
([c29db54](c29db54))
* **build:** remediate GHSA-g9mf-h72j-4rw9 undici vulnerability
([#188](#188))
([634bf36](634bf36))
* **build:** seed CHANGELOG.md with version entry for release-please
frontmatter preservation
([#170](#170))
([2b299ac](2b299ac))
* **build:** use GitHub App token for release-please
([#167](#167))
([070e042](070e042))
* **build:** use hashtable splatting for named parameters
([#164](#164))
([02a965f](02a965f))
* **devcontainer:** remove unused Python requirements check
([#78](#78))
([f17a872](f17a872)),
closes [#77](#77)
* **docs:** fix broken links and update validation for .vscode/README.md
([#118](#118))
([160ae7a](160ae7a))
* **docs:** improve language consistency in Automated Installation
section ([#139](#139))
([a932918](a932918))
* **docs:** replace install button anchor with VS Code protocol handler
([#111](#111))
([41a265e](41a265e))
* **docs:** update install badges to use aka.ms redirect URLs
([#114](#114))
([868f655](868f655))
* **linting:** use cross-platform path separators in gitignore pattern
matching ([#121](#121))
([3f0aa1b](3f0aa1b))
* **scripts:** accepts the token (YYYY-MM-dd) in frontmatter validation
([#133](#133))
([2648215](2648215))
* **tools:** correct Method 5 path resolution in hve-core-installer
([#129](#129))
([57ef20d](57ef20d))


### 📚 Documentation

* add comprehensive RPI workflow documentation
([#153](#153))
([cbaa4a9](cbaa4a9))
* enhance README with contributing, responsible AI, and legal sections
([#52](#52))
([a424adc](a424adc))


### ♻️ Refactoring

* **instructions:** consolidate and enhance AI artifact guidelines
([#206](#206))
([54dd959](54dd959))
* migrate chatmodes to agents architecture
([#210](#210))
([712b0b7](712b0b7))


### 🔧 Maintenance

* **build:** clean up workflow permissions for Scorecard compliance
([#183](#183))
([64686e7](64686e7))
* **deps-dev:** bump cspell in the npm-dependencies group
([#61](#61))
([38650eb](38650eb))
* **deps-dev:** bump glob from 10.4.5 to 10.5.0
([#74](#74))
([b3ca9fd](b3ca9fd))
* **deps-dev:** bump markdownlint-cli2 from 0.19.1 to 0.20.0 in the
npm-dependencies group
([#134](#134))
([ebfbe84](ebfbe84))
* **deps-dev:** bump the npm-dependencies group across 1 directory with
2 updates ([#109](#109))
([936ab84](936ab84))
* **deps-dev:** bump the npm-dependencies group with 2 updates
([#30](#30))
([cf99cbf](cf99cbf))
* **deps:** bump actions/upload-artifact from 5.0.0 to 6.0.0 in the
github-actions group
([#142](#142))
([91eac8a](91eac8a))
* **deps:** bump js-yaml, markdown-link-check and markdownlint-cli2
([#75](#75))
([af03d0e](af03d0e))
* **deps:** bump the github-actions group with 2 updates
([#108](#108))
([3e56313](3e56313))
* **deps:** bump the github-actions group with 2 updates
([#135](#135))
([4538a03](4538a03))
* **deps:** bump the github-actions group with 2 updates
([#62](#62))
([d1e0c09](d1e0c09))
* **deps:** bump the github-actions group with 3 updates
([#87](#87))
([ed550f4](ed550f4))
* **deps:** bump the github-actions group with 6 updates
([#162](#162))
([ec5bb12](ec5bb12))
* **devcontainer:** enhance gitleaks installation with checksum
verification ([#100](#100))
([5a8507d](5a8507d))
* **devcontainer:** refactor setup scripts for improved dependency
management ([#94](#94))
([f5f50d1](f5f50d1)),
closes [#98](#98)
* **security:** configure GitHub branch protection for OpenSSF
compliance ([#191](#191))
([90aab1a](90aab1a))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: hve-core-release-please[bot] <254602402+hve-core-release-please[bot]@users.noreply.github.com>
This was referenced Jan 28, 2026
Closed
Closed
This was referenced Feb 6, 2026
Closed
Closed
Closed
Closed
This was referenced Feb 13, 2026
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@WilliamBerryiii WilliamBerryiii WilliamBerryiii approved these changes

@bindsi bindsi bindsi approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@WilliamBerryiii @bindsi