fix(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/checkout	action	minor	v4.2.2 → v4.3.1
actions/github-script	action	minor	v7.0.1 → v7.1.0
actions/setup-go	action	minor	v5.5.0 → v5.6.0
alpine		digest	4bcff63 → 2510918
alpine	final	minor	3.22.1 → 3.23.3
codecov/codecov-action	action	minor	v5.4.3 → v5.5.2
docker.io/library/alpine		minor	3.22.1 → 3.23.3
docker.io/target/vela-git-slim		minor	v0.12.1 → v0.13.0
docker/build-push-action	action	minor	v6.18.0 → v6.19.2
docker/login-action	action	minor	v3.4.0 → v3.7.0
docker/metadata-action	action	minor	v5.7.0 → v5.10.0
github.com/alecthomas/chroma/v2	require	minor	v2.19.0 → v2.23.1
github.com/gin-gonic/gin	require	minor	v1.11.0 → v1.12.0
github.com/go-vela/sdk-go	require	minor	v0.27.2-0.20251230154052-e1dae5f07d93 → v0.28.0-rc2
github.com/go-vela/server	require	patch	v0.27.3-0.20260107161845-56fd3db7dbff → v0.27.5
github.com/go-vela/worker	require	minor	v0.27.4-0.20260121151236-120915fe35a9 → v0.28.0-rc1
github.com/golang-jwt/jwt/v5	require	patch	v5.3.0 → v5.3.1
github.com/sirupsen/logrus	require	patch	v1.9.3 → v1.9.4
github.com/spf13/afero	require	minor	v1.14.0 → v1.15.0
github.com/urfave/cli-docs/v3	require	minor	v3.0.0-alpha6 → v3.1.0
github.com/urfave/cli/v3	require	minor	v3.5.0 → v3.7.0
github/codeql-action	action	minor	v3.29.5 → v3.32.4
golang.org/x/term	require	minor	v0.34.0 → v0.40.0

---

Release Notes

actions/checkout (actions/checkout)

v4.3.1

Compare Source

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in #​2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236
• Prepare release v4.3.0 by @​salmanmkc in #​2237

New Contributors

• @​motss made their first contribution in #​1971
• @​mouismail made their first contribution in #​1977
• @​benwells made their first contribution in #​2043
• @​nebuk89 made their first contribution in #​2194
• @​salmanmkc made their first contribution in #​2236

Full Changelog: actions/checkout@v4...v4.3.0

actions/github-script (actions/github-script)

v7.1.0

Compare Source

What's Changed

• Upgrade husky to v9 by @​benelan in #​482
• Add workflow file for publishing releases to immutable action package by @​Jcambass in #​485
• Upgrade IA Publish by @​Jcambass in #​486
• Fix workflow status badges by @​joshmgross in #​497
• Update usage of actions/upload-artifact by @​joshmgross in #​512
• Clear up package name confusion by @​joshmgross in #​514
• Update dependencies with npm audit fix by @​joshmgross in #​515
• Specify that the used script is JavaScript by @​timotk in #​478
• chore: Add Dependabot for NPM and Actions by @​nschonni in #​472
• Define permissions in workflows and update actions by @​joshmgross in #​531
• chore: Add Dependabot for .github/actions/install-dependencies by @​nschonni in #​532
• chore: Remove .vscode settings by @​nschonni in #​533
• ci: Use github/setup-licensed by @​nschonni in #​473
• make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @​iamstarkov in #​508
• Remove octokit README updates for v7 by @​joshmgross in #​557
• docs: add "exec" usage examples by @​neilime in #​546
• Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @​dependabot[bot] in #​563
• Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @​dependabot[bot] in #​575
• Clearly document passing inputs to the script by @​joshmgross in #​603
• Update README.md by @​nebuk89 in #​610

New Contributors

• @​benelan made their first contribution in #​482
• @​Jcambass made their first contribution in #​485
• @​timotk made their first contribution in #​478
• @​iamstarkov made their first contribution in #​508
• @​neilime made their first contribution in #​546
• @​nebuk89 made their first contribution in #​610

Full Changelog: actions/github-script@v7...v7.1.0

actions/setup-go (actions/setup-go)

v5.6.0

Compare Source

What's Changed

• Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @​aparnajyothi-y in #​689

Full Changelog: actions/setup-go@v5...v5.6.0

codecov/codecov-action (codecov/codecov-action)

v5.5.2

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

Compare Source

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in #​1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in #​1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in #​1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in #​1872
• docs: fix typo in README by @​datalater in #​1866
• Document a codecov-cli version reference example by @​webknjaz in #​1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in #​1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in #​1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

Compare Source

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in #​1864
• Pin actions/github-script by Git SHA by @​martincostello in #​1859
• fix: check reqs exist by @​joseph-sentry in #​1835
• fix: Typo in README by @​spalmurray in #​1838
• docs: Refine OIDC docs by @​spalmurray in #​1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in #​1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

docker/build-push-action (docker/build-push-action)

v6.19.2

Compare Source

• Preserve port in GIT_AUTH_TOKEN host by @​crazy-max in #​1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Compare Source

• Derive GIT_AUTH_TOKEN host from GitHub server URL by @​crazy-max in #​1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Compare Source

• Scope default git auth token to github.com by @​crazy-max in #​1451
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​1396
• Bump form-data from 2.5.1 to 2.5.5 in #​1391
• Bump js-yaml from 3.14.1 to 3.14.2 in #​1429
• Bump lodash from 4.17.21 to 4.17.23 in #​1446
• Bump tmp from 0.2.3 to 0.2.4 in #​1398
• Bump undici from 5.28.4 to 5.29.0 in #​1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

docker/login-action (docker/login-action)

v3.7.0

Compare Source

• Add scope input to set scopes for the authentication token by @​crazy-max in #​912
• Add support for AWS European Sovereign Cloud ECR by @​dphi in #​914
• Ensure passwords are redacted with registry-auth input by @​crazy-max in #​911
• build(deps): bump lodash from 4.17.21 to 4.17.23 in #​915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

v3.6.0

Compare Source

• Add registry-auth input for raw authentication to registries by @​crazy-max in #​887
• Bump @​aws-sdk/client-ecr to 3.890.0 in #​882 #​890
• Bump @​aws-sdk/client-ecr-public to 3.890.0 in #​882 #​890
• Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0 in #​883
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​880
• Bump undici from 5.28.4 to 5.29.0 in #​879
• Bump tmp from 0.2.3 to 0.2.4 in #​881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Compare Source

• Support dual-stack endpoints for AWS ECR by @​Spacefish @​crazy-max in #​874 #​876
• Bump @​aws-sdk/client-ecr to 3.859.0 in #​860 #​878
• Bump @​aws-sdk/client-ecr-public to 3.859.0 in #​860 #​878
• Bump @​docker/actions-toolkit from 0.57.0 to 0.62.1 in #​870
• Bump form-data from 2.5.1 to 2.5.5 in #​875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

docker/metadata-action (docker/metadata-action)

v5.10.0

Compare Source

• Bump @​docker/actions-toolkit from 0.66.0 to 0.68.0 in #​559 #​569
• Bump js-yaml from 3.14.1 to 3.14.2 in #​564

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

v5.9.0

Compare Source

• Add tag-names output to return tag names without image base name by @​crazy-max in #​553
• Bump @​babel/runtime-corejs3 from 7.14.7 to 7.28.2 in #​539
• Bump @​docker/actions-toolkit from 0.62.1 to 0.66.0 in #​555
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​540
• Bump csv-parse from 5.6.0 to 6.1.0 in #​532
• Bump semver from 7.7.2 to 7.7.3 in in #​554
• Bump tmp from 0.2.3 to 0.2.5 in #​541

Full Changelog: docker/metadata-action@v5.8.0...v5.9.0

v5.8.0

Compare Source

• New is_not_default_branch global expression by @​crazy-max in #​535
• Allow to match part of the git tag or value for semver/pep440 types by @​crazy-max in #​536 #​537
• Bump @​actions/github from 6.0.0 to 6.0.1 in #​523
• Bump @​docker/actions-toolkit from 0.56.0 to 0.62.1 in #​526
• Bump form-data from 2.5.1 to 2.5.5 in #​533
• Bump moment-timezone from 0.5.47 to 0.6.0 in #​525
• Bump semver from 7.7.1 to 7.7.2 in #​524

Full Changelog: docker/metadata-action@v5.7.0...v5.8.0

alecthomas/chroma (github.com/alecthomas/chroma/v2)

v2.23.1

Compare Source

Changelog

• 5b4188b fix: remove AGPL licensed testdata
• b9b4edc Add .env.* pattern to bash lexer (#​1197)
• f163adc docs: add AGENTS.md
• fe6f0f3 fix: title link to Chroma

v2.23.0

Compare Source

Changelog

• 610afd8 feat: add light/dark mode toggle
• 1b5aad9 fix: make just commands faster
• 84583c6 fix: wait for WASM runtime to become ready at startup
• 1b6f6e7 fix: need relative import for wasm_exec.js
• 2a78195 fix: wasm builds got broken by the last change
• f8a34ec feat: fix local dev so it falls back to server
• 6827057 refactor: migrate to Just
• a60896f Create a lexer for Markless (#​1195)

v2.22.0

Compare Source

Changelog

• 467c878 fix: reverse order of --lexer to name, then file
• 649c24d Add KDL lexer (#​1192)
• 249a634 Add MoonBit lexer (#​1191)
• 3e1f428 Update Zig lexer and example (#​1189)
• 31592d5 fix: no text auto-sizing on webkit (#​1186)
• 2e611c1 Add APKBUILD as filename to Bash lexer (#​1187)
• c1adec8 chore(deps): update all non-major dependencies (#​1185)
• 24cc733 fix(styles): update punctuation in Aura Theme to meet style guidelines (#​1184)
• b0358e8 Add lexer for microcad (#​1171)

v2.21.1

Compare Source

Changelog

• 0fe6941 fix(styles): use kebab-case for style name in Aura Theme variants (#​1183)
• 2408917 chore(deps): update all non-major dependencies (#​1178)
• b527a28 Update lexer lox (#​1175)

v2.21.0

Compare Source

Changelog

• 26a0cc1 feat(styles): add Aura Theme primary variants (#​1177)
• fc10487 Fix (D): multiline comments (#​1173)
• aec4bfc Add support for Device tree (#​1172)
• 8ea696b chore(deps): update actions/checkout action to v6 (#​1167)
• a40a9d3 chore(deps): update dependency binaryen to v125 (#​1168)
• 5486d21 chore(deps): update all non-major dependencies (#​1164)
• 42c2aa1 Add helper script to generate supported langs markdown table (#​1170)
• e799618 chore(deps): update actions/checkout digest to 93cb6ef (#​1163)
• 6b58845 Add Ashen style (#​1169)
• 8b8574c Add Protocol Buffer Text Format Language (txtpb) (#​1165)
• c07ef4b chore(deps): update all non-major dependencies (#​1160)
• 3b5a164 Add lexer for WebAssembly Text Format (#​1161)
• 84d187e github style: background should be grey (#​1159)
• 60e616c Add an alias for Starlark and match *.star files (#​1158)
• 6e68adb chore(deps): update all non-major dependencies (#​1157)
• 9297a7c chore(deps): update all non-major dependencies (#​1155)
• 1074a2a fix(Kotlin): Number literals (#​1139)
• 9c8da0f chore(deps): update all non-major dependencies (#​1153)
• fa92e28 Add file extensions for systemd units using Podman Quadlet (#​1151)
• 57823f0 Add Kakoune lexer (#​1150)
• 1c5b8cb chore(deps): update all non-major dependencies (#​1149)
• c688d92 feat: add support for C3 (#​1148)
• ba111b7 chore(deps): update all non-major dependencies (#​1147)
• b05fcfb tango: Don't underline whitespace (#​1146)
• daa879b chore(deps): update all non-major dependencies (#​1141)
• a5dc086 Add argparse to pygemnts2chroma_xml.py script (#​1140)
• 3f991b1 chore(deps): update dependency binaryen to v124 (#​1138)
• 0ae5ef0 chore(deps): update all non-major dependencies (#​1137)
• 8f9e82f Update Core lexer to adjust for removed keyword enum (#​1136)
• 685ad2c Update Core lexer to adjust for removed keyword const (#​1134)
• e9ffd5a fix: don't emit empty tail tokens (#​1121)
• 4e1403e Add lexer for Ring Language (#​1133)
• 66a939a Add lexer for Game Boy Development System ASM. (#​1117)
• 2984b60 chore(deps): update all non-major dependencies (#​1132)
• 260fa90 update css.xml with current properties (#​1130)
• 70521cf Modelica language support #​1122 (#​1129)
• 09cd573 update css.xml for current grid gap properties (#​1128)
• 339bd37 Fixed **free analysis in RPGLE (#​1116)
• ff52be8 chore(deps): update actions/checkout action to v5 (#​1127)
• 254ca83 Update Core lexer to incorporate change of keyword from use to import (#​1124)
• 2d9c0d1 chore(deps): update all non-major dependencies (#​1123)
• bd10a05 moar has been renamed to moor (#​1125)
• db626fd Analyse() now cares about case-insensitivity (#​1120)

v2.20.0

Compare Source

Changelog

• 303b65d feat: improve tracing
• 1f48e65 fix(markdown): don't delegate to HTML lexer
• ea89498 chore(deps): update ubuntu docker tag to v24 (#​1104)
• 14227ee chore(deps): update dependency biome to v2 (#​1109)
• 4a1dcb2 chore(deps): update dependency uv to v0.8.4 (#​1115)
• dca61f8 chore(deps): pin dependencies (#​1098)
• a21d7b8 chore: go mod tidy + update README list of languages
• 1ca24c9 correct lexing AS keyword for docker (#​1114)
• 1dfa2b6 update css.xml with current properties (#​1113)
• 5b2a4c5 feat(formatter): add writeCSSComments option (#​1112)
• 02ff9d4 Sync Catppuccin styles (#​1111)
• a53c924 Create Lexer for Nu (#​1110)
• 0e031c7 chore(deps): update all non-major dependencies (#​1108)
• 673bbb4 chore(deps): update all non-major dependencies (#​1103)
• 5d56970 Add uv.lock to TOML lexer (#​1105)
• eb9a552 fix: Dockerfile $PORT should be just a port
• acaae4e feat: add Dockerfile for chromad
• f3be4c6 Create lexer for Gemtext (#​1102)
• a0c6dff chore(deps): update all non-major dependencies (#​1099)
• abe0195 Create lexer for lox (#​1100)
• dfb2819 Fixed ObjectPascal comment issue (#​1097)
• 908d2a3 sync catppuccin-mocha.xml with upstream (#​1094)
• acd21c6 add aspect-ratio property to css.xml (#​1095)
• 55d924d chore(deps): update all non-major dependencies (#​1092)
• d0ad679 feat: improve Go lexer
• d2f8caa refactor: simplify WASM init
• fb36d31 chore: apply biome linter fixes
• b69cd3d chore: add JS formatting with biome

gin-gonic/gin (github.com/gin-gonic/gin)

v1.12.0

Compare Source

Features

• feat(render): add bson protocol (#​4145)
• feat(context): add GetError and GetErrorSlice methods for error retrieval (#​4502)
• feat(binding): add support for encoding.UnmarshalText in uri/query binding (#​4203)
• feat(gin): add option to use escaped path (#​4420)
• feat(context): add Protocol Buffers support to content negotiation (#​4423)
• feat(context): implemented Delete method (#​38e7651)
• feat(logger): color latency (#​4146)

Enhancements

• perf(tree): reduce allocations in findCaseInsensitivePath (#​4417)
• perf(recovery): optimize line reading in stack function (#​4466)
• perf(path): replace regex with custom functions in redirectTrailingSlash (#​4414)
• perf(tree): optimize path parsing using strings.Count (#​4246)
• chore(logger): allow skipping query string output (#​4547)
• chore(context): always trust xff headers from unix socket (#​3359)
• chore(response): prevent Flush() panic when the underlying ResponseWriter does not implement http.Flusher (#​4479)
• refactor(recovery): smart error comparison (#​4142)
• refactor(context): replace hardcoded localhost IPs with constants (#​4481)
• refactor(utils): move util functions to utils.go (#​4467)
• refactor(binding): use maps.Copy for cleaner map handling (#​4352)
• refactor(context): using maps.Clone (#​4333)
• refactor(ginS): use sync.OnceValue to simplify engine function (#​4314)
• refactor: replace magic numbers with named constants in bodyAllowedForStatus (#​4529)
• refactor: for loop can be modernized using range over int (#​4392)

Bug Fixes

• fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#​4535)
• fix(render): write content length in Data.Render (#​4206)
• fix(context): ClientIP handling for multiple X-Forwarded-For header values (#​4472)
• fix(binding): empty value error (#​2169)
• fix(recover): suppress http.ErrAbortHandler in recover (#​4336)
• fix(gin): literal colon routes not working with engine.Handler() (#​4415)
• fix(gin): close os.File in RunFd to prevent resource leak (#​4422)
• fix(response): refine hijack behavior for response lifecycle (#​4373)
• fix(binding): improve empty slice/array handling in form binding (#​4380)
• fix(debug): version mismatch (#​4403)
• fix: correct typos, improve documentation clarity, and remove dead code (#​4511)

Build process updates / CI

• ci: update Go version support to 1.25+ across CI and docs (#​4550)
• chore(binding): upgrade bson dependency to mongo-driver v2 (#​4549)

go-vela/sdk-go (github.com/go-vela/sdk-go)

v0.28.0-rc2

Compare Source

What's Changed

• chore(deps): update actions/setup-go action to v6.3.0 by @​renovate[bot] in #​372
• chore: upgrade to 28-rc2 by @​timhuynh94 in #​383

Full Changelog: go-vela/sdk-go@v0.28.0-rc1...v0.28.0-rc2

go-vela/server (github.com/go-vela/server)

v0.27.5

Compare Source

No changes. API spec and JSONSchema were not attached as release assets to the previous release (immutable release). The latter of which powers validation in IDEs and such. This release should address that issue.

Full Changelog: go-vela/server@v0.27.4...v0.27.5

v0.27.4

Compare Source

What's Changed

• fix(api): regen install token if expired for status update by @​ecrupper in #​1375
• chore(deps): update all non major deps for v0.27.4 patch release by @​ecrupper in #​1376

Full Changelog: go-vela/server@v0.27.3...v0.27.4

go-vela/worker (github.com/go-vela/worker)

v0.28.0-rc1

Compare Source

What's Changed

• chore(lint): update worker codebase by @​ecrupper in #​659
• enhance: use context for API calls and refresh install token by @​ecrupper in #​670
• fix(exec): leverage Prepare function to inject container IDs and other info by @​ecrupper in #​671
• fix(secret): use step.Environment for hydrating env in secret containers by @​ecrupper in #​669
• fix(localexec): use correct stage status for local exec by @​ecrupper in #​673
• fix: record proper step state on build timeout by @​wass3r in #​666
• enhance(outputs): abstract outputs processing and replace $REFERENCES by @​ecrupper in #​674
• enhance(outputs): use docker client CopyFromContainer for outputs by @​ecrupper in #​675
• chore(deps): update minor deps, vela mods, and actions workflows by @​ecrupper in [#

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.44%. Comparing base (15bda2c) to head (bc8f1ff).

❌ Your project check has failed because the head coverage (71.44%) is below the target coverage (90.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #617   +/-   ##
=======================================
  Coverage   71.44%   71.44%           
=======================================
  Files         174      174           
  Lines        4718     4718           
=======================================
  Hits         3371     3371           
  Misses       1042     1042           
  Partials      305      305           

Files with missing lines	Coverage Δ
command/pipeline/exec.go	0.00% <ø> (ø)
command/pipeline/validate.go	64.28% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 14 additional dependencies were updated

Details:

Package	Change
github.com/bytedance/sonic	v1.13.3 -> v1.14.0
github.com/bytedance/sonic/loader	v0.2.4 -> v0.3.0
github.com/cloudwego/base64x	v0.1.5 -> v0.1.6
github.com/docker/docker	v28.3.3+incompatible -> v28.5.1+incompatible
github.com/go-playground/validator/v10	v10.26.0 -> v10.27.0
github.com/klauspost/cpuid/v2	v2.2.11 -> v2.3.0
golang.org/x/arch	v0.18.0 -> v0.20.0
golang.org/x/net	v0.42.0 -> v0.43.0
golang.org/x/sync	v0.16.0 -> v0.17.0
golang.org/x/sys	v0.35.0 -> v0.39.0
google.golang.org/protobuf	v1.36.6 -> v1.36.9
k8s.io/api	v0.34.0 -> v0.34.1
k8s.io/apimachinery	v0.34.0 -> v0.34.1
k8s.io/client-go	v0.34.0 -> v0.34.1