build(deps): bump zizmor from 1.23.1 to 1.24.1 in /dev-tools #16022

Merged: rmuir merged 1 commit into main from dependabot/uv/dev-tools/zizmor-1.24.1 on May 2, 2026

@dependabot dependabot Bot commented on behalf of github May 2, 2026

Bumps zizmor from 1.23.1 to 1.24.1.

Release notes

Sourced from zizmor's releases.

v1.24.1

Bug Fixes 🐛

  • Fixed a bug where the ref-version-mismatch audit would incorrectly flag some version comments as not containing an appropriate version (#1900)

v1.24.0

New Features 🌈

  • zizmor now allows users to audit from stdin, by passing zizmor - (#1611)

Enhancements 🌱

  • The use-trusted-publishing audit now detects bun publish and bunx npm publish patterns (#1737)

    Many thanks to @​shaanmajid for proposing and implementing this improvement!

  • zizmor's CLI help and usage output now uses a custom color scheme for improved readability (#1747)

  • The secrets-outside-env audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (#1759)

    Many thanks to @​rmuir for proposing and implementing this improvement!

  • The dependabot-cooldown audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (#1780)

  • Recommend gh release upload as a replacement for svenstaro/upload-release-action in superfluous-actions (#1801)

  • Recommend gh issue create as a replacement for dacbd/create-issue-action in superfluous-actions (#1873)

  • The obfuscation audit now emits a finding for with: ${{ expr }} clauses that cannot be analyzed (#1772)

  • zizmor --help is now rendered with option groups for improved readability (#1831)

    Many thanks to @​deckstose for implementing this improvement!

  • zizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (#1843)

  • The ref-version-mismatch audit now uses a more useful audit description for its findings (#1843)

  • The unpinned-images audit now produces more precise findings for image references that are computed through expressions (#1756)

    Many thanks to @​miketheman for implementing this improvement!

  • The ref-version-mismatch audit now detects missing version comments as well (#1849)

    Many thanks to @​shaanmajid for proposing and implementing this improvement!

Bug Fixes 🐛

  • Fixed a bug where the concurrency-limits audit reported findings at the job level instead of the workflow level (#1627)

... (truncated)

Changelog

Sourced from zizmor's changelog.

1.24.1

Bug Fixes 🐛

  • Fixed a bug where the [ref-version-mismatch] audit would incorrectly flag some version comments as not containing an appropriate version (#1900)

1.24.0

New Features 🌈

  • zizmor now allows users to audit from stdin, by passing zizmor - (#1611)

Enhancements 🌱

  • The [use-trusted-publishing] audit now detects bun publish and bunx npm publish patterns (#1737)

    Many thanks to @​shaanmajid for proposing and implementing this improvement!

  • zizmor's CLI help and usage output now uses a custom color scheme for improved readability (#1747)

  • The [secrets-outside-env] audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (#1759)

    Many thanks to @​rmuir for proposing and implementing this improvement!

  • The [dependabot-cooldown] audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (#1780)

  • Recommend gh release upload as a replacement for @​svenstaro/upload-release-action in [superfluous-actions] (#1801)

  • Recommend gh issue create as a replacement for @​dacbd/create-issue-action in [superfluous-actions] (#1873)

  • The [obfuscation] audit now emits a finding for with: ${{ expr }} clauses that cannot be analyzed (#1772)

  • zizmor --help is now rendered with option groups for improved readability (#1831)

    Many thanks to @​deckstose for implementing this improvement!

  • zizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (#1843)

  • The [ref-version-mismatch] audit now uses a more useful audit description

... (truncated)

Commits

@dependabot dependabot Bot added the dependencies (Dependency Updates) and skip-changelog (Apply to PRs that don't need a changelog entry, stopping the automated changelog check.) labels May 2, 2026
Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.23.1 to 1.24.1.
- [Release notes](https://github.com/zizmorcore/zizmor/releases)
- [Changelog](https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md)
- [Commits](zizmorcore/zizmor@v1.23.1...v1.24.1)

---
updated-dependencies:
- dependency-name: zizmor
  dependency-version: 1.24.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/dev-tools/zizmor-1.24.1 branch from 548cbb2 to 362b3d6 May 2, 2026 04:05
@rmuir rmuir merged commit dd1d111 into main May 2, 2026
13 checks passed
@dependabot dependabot Bot deleted the dependabot/uv/dev-tools/zizmor-1.24.1 branch May 2, 2026 09:44
sgup432 pushed a commit to sgup432/lucene that referenced this pull request May 4, 2026
…16022)

Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.23.1 to 1.24.1.
- [Release notes](https://github.com/zizmorcore/zizmor/releases)
- [Changelog](https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md)
- [Commits](zizmorcore/zizmor@v1.23.1...v1.24.1)

---
updated-dependencies:
- dependency-name: zizmor
  dependency-version: 1.24.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>