chore(deps): bump the dependencies group with 4 updates

[dependabot]

Bumps the dependencies group with 4 updates: actions/setup-go, Songmu/tagpr, goreleaser/goreleaser-action and aquasecurity/trivy-action.

Updates actions/setup-go from 6.2.0 to 6.3.0

Release notes

Sourced from actions/setup-go's releases.

v6.3.0

What's Changed

• Update default Go module caching to use go.mod by @​priyagupta108 in actions/setup-go#705
• Fix golang download url to go.dev by @​178inaba in actions/setup-go#469

Full Changelog: actions/setup-go@v6...v6.3.0

Commits

• 4b73464 Fix golang download url to go.dev (#469)
• a5f9b05 Update default Go module caching to use go.mod (#705)
• See full diff in compare view

Updates Songmu/tagpr from 1.17.0 to 1.17.1

Release notes

Sourced from Songmu/tagpr's releases.

v1.17.1

What's Changed

• add gh2changelog/LICENSE by @​Songmu in Songmu/tagpr#313
• Fix PR description including already shipped PRs when using fixedMajorVersion by @​Konboi in Songmu/tagpr#317
• build(deps): bump Songmu/tagpr from 1.15.0 to 1.17.0 by @​dependabot[bot] in Songmu/tagpr#316
• update google/go-github from v82 to v83 by @​Songmu in Songmu/tagpr#319

Full Changelog: Songmu/tagpr@v1.17.0...v1.17.1

Changelog

Sourced from Songmu/tagpr's changelog.

Changelog

v1.17.1 - 2026-02-25

• add gh2changelog/LICENSE by @​Songmu in Songmu/tagpr#313
• Fix PR description including already shipped PRs when using fixedMajorVersion by @​Konboi in Songmu/tagpr#317
• build(deps): bump Songmu/tagpr from 1.15.0 to 1.17.0 by @​dependabot[bot] in Songmu/tagpr#316
• update google/go-github from v82 to v83 by @​Songmu in Songmu/tagpr#319

v1.17.0 - 2026-02-14

• Add fixedMajorVersion option for multiple major version support by @​Konboi in Songmu/tagpr#296

v1.16.0 - 2026-02-14

• docs: improve README for labels and env vars by @​tokuhirom in Songmu/tagpr#300
• Use scoped release yaml path in github releases by @​wreulicke in Songmu/tagpr#304
• fix: latestSemverTag returns empty for zero-padded calver tags by @​k1LoW in Songmu/tagpr#303
• build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 by @​dependabot[bot] in Songmu/tagpr#305
• build(deps): bump github.com/Songmu/gitconfig from 0.2.1 to 0.2.2 by @​dependabot[bot] in Songmu/tagpr#299
• Migrate gh2changelog to monorepo as local submodule by @​Copilot in Songmu/tagpr#307
• Fix: validate tagPrefix in isTagPR for monorepo isolation by @​Copilot in Songmu/tagpr#311

v1.15.0 - 2026-02-01

• feat: allow tagpr.calendarVersioning to accept format string directly by @​k1LoW in Songmu/tagpr#295

v1.14.0 - 2026-01-29

• feat: scoped release configuration by @​wreulicke in Songmu/tagpr#291
• [fix] care nil ReleaseYAML by @​Songmu in Songmu/tagpr#293

v1.13.0 - 2026-01-29

• Add Calendar Versioning (CalVer) support by @​fujiwara in Songmu/tagpr#288
• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in Songmu/tagpr#289

v1.12.1 - 2026-01-21

• fix: pass changelog file path to gh2changelog by @​wreulicke in Songmu/tagpr#286

v1.12.0 - 2026-01-21

• feat: add changelogFile for monorepo support by @​wreulicke in Songmu/tagpr#283
• build(deps): bump actions/setup-go from 6.1.0 to 6.2.0 by @​dependabot[bot] in Songmu/tagpr#281

v1.11.1 - 2026-01-13

• fix: add check for both release.yml and release.yaml files by @​nnnkkk7 in Songmu/tagpr#275
• feat: add base_tag output for GitHub Actions by @​178inaba in Songmu/tagpr#277
• fix: scope git log to tagPrefix path in monorepo mode by @​biosugar0 in Songmu/tagpr#274

v1.11.0 - 2026-01-06

• build(deps): bump golang.org/x/oauth2 from 0.33.0 to 0.34.0 by @​dependabot[bot] in Songmu/tagpr#265
• build(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 by @​dependabot[bot] in Songmu/tagpr#266
• build(deps): bump github.com/Songmu/gitsemvers from 0.0.3 to 0.1.0 by @​dependabot[bot] in Songmu/tagpr#269
• Add tagPrefix configuration for monorepo support by @​biosugar0 in Songmu/tagpr#268
• build(deps): bump github.com/Songmu/gh2changelog from 0.3.0 to 0.4.0 by @​dependabot[bot] in Songmu/tagpr#270

... (truncated)

Commits

• b3fb894 Merge pull request #315 from Songmu/tagpr-from-v1.17.0
• e1cd8c8 [tagpr] update CHANGELOG.md
• d66efe6 [tagpr] prepare for the next release
• efb8e3c add toolchain dierctive to go.mod
• 2e2c83b Merge pull request #318 from Songmu/tagpr-from-gh2changelog-v0.7.1
• dd7daa3 [tagpr] update CHANGELOG.md
• 9d4d791 [tagpr] prepare for the next release
• 01e5307 Merge pull request #319 from Songmu/upadte-google-go-github
• 2caa17e Merge pull request #316 from Songmu/dependabot/github_actions/Songmu/tagpr-1....
• 9b3dc77 update google/go-github from v82 to v83
• Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 6.4.0 to 7.0.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.0.0

What's Changed

• feat!: node 24, update deps, rm yarn, ESM by @​caarlos0 in goreleaser/goreleaser-action#533
• sec: pin github action versions by @​caarlos0 in goreleaser/goreleaser-action#514
• docs: Upgrade checkout GitHub Action in README.md by @​dunglas in goreleaser/goreleaser-action#507
• chore(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in goreleaser/goreleaser-action#504
• ci(deps): bump the actions group with 2 updates by @​dependabot[bot] in goreleaser/goreleaser-action#517
• ci(deps): bump the actions group with 2 updates by @​dependabot[bot] in goreleaser/goreleaser-action#523
• ci(deps): bump docker/bake-action from 6.9.0 to 6.10.0 in the actions group by @​dependabot[bot] in goreleaser/goreleaser-action#526
• ci(deps): bump the actions group across 1 directory with 4 updates by @​dependabot[bot] in goreleaser/goreleaser-action#532
• ci(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by @​dependabot[bot] in goreleaser/goreleaser-action#534
• chore(deps): bump the npm group across 1 directory with 4 updates by @​dependabot[bot] in goreleaser/goreleaser-action#536
• chore(deps): bump @​actions/http-client from 3.0.2 to 4.0.0 in the npm group by @​dependabot[bot] in goreleaser/goreleaser-action#537
• ci(deps): bump docker/setup-buildx-action from 3.10.0 to 3.12.0 in the actions group by @​dependabot[bot] in goreleaser/goreleaser-action#538
• chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group by @​dependabot[bot] in goreleaser/goreleaser-action#539

Full Changelog: goreleaser/goreleaser-action@v6...v7.0.0

Commits

• ec59f47 fix: yargs usage
• 752dede fix: gitignore
• 1881ae0 ci: update dependabot settings
• fdc5e66 chore: gitignore provenance.json
• 51b5b35 chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group (#539)
• 4247c53 ci(deps): bump docker/setup-buildx-action in the actions group (#538)
• c169bfd chore(deps): bump @​actions/http-client from 3.0.2 to 4.0.0 in the npm group (...
• 902ab4a chore(deps): bump the npm group across 1 directory with 4 updates (#536)
• c59a691 chore: gitignore
• 56cc8b2 ci: add job to automate dependabot pre-checkin/vendor
• Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.34.0 to 0.34.1

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.34.1

What's Changed

• ci(test): add zizmor security linter for GitHub Actions by @​DmitriyLewen in aquasecurity/trivy-action#502

Full Changelog: aquasecurity/trivy-action@0.34.0...0.34.1

Commits

• e368e32 ci(test): add zizmor security linter for GitHub Actions (#502)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Code Metrics Report

	main (a112091)	#157 (a62b4d4)	+/-
Coverage	37.0%	37.0%	0.0%
Code to Test Ratio	1:2.2	1:2.2	0.0
Test Execution Time	17s	16s	-1s

Details

  |                     | main (a112091) | #157 (a62b4d4) | +/-  |
  |---------------------|----------------|----------------|------|
  | Coverage            |          37.0% |          37.0% | 0.0% |
  |   Files             |             13 |             13 |    0 |
  |   Lines             |           1105 |           1105 |    0 |
  |   Covered           |            409 |            409 |    0 |
  | Code to Test Ratio  |          1:2.2 |          1:2.2 |  0.0 |
  |   Code              |           2377 |           2377 |    0 |
  |   Test              |           5450 |           5450 |    0 |
+ | Test Execution Time |            17s |            16s |  -1s |

---

Reported by octocov