chore(deps): bump the dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the dependencies group with 4 updates in the / directory: k1LoW/octocov-action, shogo82148/actions-go-fuzz, Songmu/tagpr and goreleaser/goreleaser-action.

Updates k1LoW/octocov-action from 1.5.0 to 1.5.1

Release notes

Sourced from k1LoW/octocov-action's releases.

v1.5.1

What's Changed

Other Changes

• Document the required permissions by @​exoego in k1LoW/octocov-action#18
• chore(deps): bump the dependencies group with 4 updates by @​dependabot[bot] in k1LoW/octocov-action#20
• chore(deps): bump k1LoW/gh-setup from 1.11.2 to 1.11.3 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#21
• chore(deps): bump the dependencies group with 3 updates by @​dependabot[bot] in k1LoW/octocov-action#23
• chore(deps): bump the dependencies group with 3 updates by @​dependabot[bot] in k1LoW/octocov-action#24
• chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#25
• chore(deps): bump the dependencies group across 1 directory with 2 updates by @​dependabot[bot] in k1LoW/octocov-action#27
• chore(deps): bump the dependencies group across 1 directory with 2 updates by @​dependabot[bot] in k1LoW/octocov-action#29
• chore(deps): bump Songmu/tagpr from 1.11.0 to 1.11.1 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#30
• chore(deps): bump the dependencies group with 2 updates by @​dependabot[bot] in k1LoW/octocov-action#31
• chore(deps): bump Songmu/tagpr from 1.12.1 to 1.15.0 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#32
• chore(deps): bump k1LoW/gh-setup from 1.11.6 to 1.11.7 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#33
• chore(deps): bump the dependencies group across 1 directory with 2 updates by @​dependabot[bot] in k1LoW/octocov-action#35
• chore(deps): bump Songmu/tagpr from 1.18.2 to 1.18.3 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#36

New Contributors

• @​exoego made their first contribution in k1LoW/octocov-action#18
• @​dependabot[bot] made their first contribution in k1LoW/octocov-action#20

Full Changelog: k1LoW/octocov-action@v1.5.0...v1.5.1

Changelog

Sourced from k1LoW/octocov-action's changelog.

Changelog

v1.5.1 - 2026-04-25

Other Changes

• Document the required permissions by @​exoego in k1LoW/octocov-action#18
• chore(deps): bump the dependencies group with 4 updates by @​dependabot[bot] in k1LoW/octocov-action#20
• chore(deps): bump k1LoW/gh-setup from 1.11.2 to 1.11.3 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#21
• chore(deps): bump the dependencies group with 3 updates by @​dependabot[bot] in k1LoW/octocov-action#23
• chore(deps): bump the dependencies group with 3 updates by @​dependabot[bot] in k1LoW/octocov-action#24
• chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#25
• chore(deps): bump the dependencies group across 1 directory with 2 updates by @​dependabot[bot] in k1LoW/octocov-action#27
• chore(deps): bump the dependencies group across 1 directory with 2 updates by @​dependabot[bot] in k1LoW/octocov-action#29
• chore(deps): bump Songmu/tagpr from 1.11.0 to 1.11.1 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#30
• chore(deps): bump the dependencies group with 2 updates by @​dependabot[bot] in k1LoW/octocov-action#31
• chore(deps): bump Songmu/tagpr from 1.12.1 to 1.15.0 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#32
• chore(deps): bump k1LoW/gh-setup from 1.11.6 to 1.11.7 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#33
• chore(deps): bump the dependencies group across 1 directory with 2 updates by @​dependabot[bot] in k1LoW/octocov-action#35
• chore(deps): bump Songmu/tagpr from 1.18.2 to 1.18.3 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#36

v1.6.0 - 2026-04-20

Other Changes

• Document the required permissions by @​exoego in k1LoW/octocov-action#18
• chore(deps): bump the dependencies group with 4 updates by @​dependabot[bot] in k1LoW/octocov-action#20
• chore(deps): bump k1LoW/gh-setup from 1.11.2 to 1.11.3 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#21
• chore(deps): bump the dependencies group with 3 updates by @​dependabot[bot] in k1LoW/octocov-action#23
• chore(deps): bump the dependencies group with 3 updates by @​dependabot[bot] in k1LoW/octocov-action#24
• chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#25
• chore(deps): bump the dependencies group across 1 directory with 2 updates by @​dependabot[bot] in k1LoW/octocov-action#27
• chore(deps): bump the dependencies group across 1 directory with 2 updates by @​dependabot[bot] in k1LoW/octocov-action#29
• chore(deps): bump Songmu/tagpr from 1.11.0 to 1.11.1 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#30
• chore(deps): bump the dependencies group with 2 updates by @​dependabot[bot] in k1LoW/octocov-action#31
• chore(deps): bump Songmu/tagpr from 1.12.1 to 1.15.0 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#32
• chore(deps): bump k1LoW/gh-setup from 1.11.6 to 1.11.7 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#33
• chore(deps): bump the dependencies group across 1 directory with 2 updates by @​dependabot[bot] in k1LoW/octocov-action#35
• chore(deps): bump Songmu/tagpr from 1.18.2 to 1.18.3 in the dependencies group by @​dependabot[bot] in k1LoW/octocov-action#36

v1.5.0 - 2025-03-19

Other Changes

• fix: pin dependencies by @​k1LoW in k1LoW/octocov-action#16

v1.4.0 - 2024-09-08

Other Changes

• Add inputs.args parameter by @​lufia in k1LoW/octocov-action#13

v1.3.0 - 2024-01-30

Breaking Changes 🛠

• Support for setting install directory by @​k1LoW in k1LoW/octocov-action#11

v1.2.0 - 2024-01-29

Breaking Changes 🛠

... (truncated)

Commits

• b3b6ee6 Merge pull request #37 from k1LoW/tagpr-from-v1.5.0
• aefb1ea [tagpr] update CHANGELOG.md
• 6f01c1a [tagpr] prepare for the next release
• f4b2848 Merge pull request #19 from k1LoW/tagpr-from-v1.5.0
• 9851f0f [tagpr] update CHANGELOG.md
• 0af5d19 [tagpr] prepare for the next release
• a041818 Merge pull request #36 from k1LoW/dependabot/github_actions/dependencies-72a2...
• 742f983 chore(deps): bump Songmu/tagpr in the dependencies group
• 2841057 Merge pull request #35 from k1LoW/dependabot/github_actions/dependencies-bd5c...
• e02b4a8 chore(deps): bump the dependencies group across 1 directory with 2 updates
• Additional commits viewable in compare view

Updates shogo82148/actions-go-fuzz from 1.2.0 to 1.2.1

Release notes

Sourced from shogo82148/actions-go-fuzz's releases.

v1.2.1

What's Changed

• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in shogo82148/actions-go-fuzz#951
• Bump prettier from 3.8.2 to 3.8.3 by @​dependabot[bot] in shogo82148/actions-go-fuzz#952
• Bump typescript from 5.8.3 to 6.0.3 by @​dependabot[bot] in shogo82148/actions-go-fuzz#957
• Bump typescript-eslint from 8.58.1 to 8.58.2 by @​dependabot[bot] in shogo82148/actions-go-fuzz#948
• Bump actions/setup-node from 6.3.0 to 6.4.0 by @​dependabot[bot] in shogo82148/actions-go-fuzz#962
• Bump rollup from 4.60.1 to 4.60.2 by @​dependabot[bot] in shogo82148/actions-go-fuzz#963
• Bump eslint from 10.2.0 to 10.2.1 by @​dependabot[bot] in shogo82148/actions-go-fuzz#964
• Bump typescript-eslint from 8.58.2 to 8.59.0 by @​dependabot[bot] in shogo82148/actions-go-fuzz#965
• Bump @​actions/http-client from 4.0.0 to 4.0.1 by @​dependabot[bot] in shogo82148/actions-go-fuzz#974
• Bump @​actions/core from 3.0.0 to 3.0.1 by @​dependabot[bot] in shogo82148/actions-go-fuzz#975
• Bump typescript-eslint from 8.59.0 to 8.59.1 by @​dependabot[bot] in shogo82148/actions-go-fuzz#982
• Bump eslint from 10.2.1 to 10.3.0 by @​dependabot[bot] in shogo82148/actions-go-fuzz#986
• Bump github/codeql-action from 4.35.2 to 4.35.3 by @​dependabot[bot] in shogo82148/actions-go-fuzz#985
• Bump fast-xml-parser from 5.5.11 to 5.7.2 by @​dependabot[bot] in shogo82148/actions-go-fuzz#978

Full Changelog: shogo82148/actions-go-fuzz@v1.2.0...v1.2.1

Commits

• 0b7e2a3 Merge pull request #978 from shogo82148/dependabot/npm_and_yarn/fast-xml-pars...
• a7c7fa4 npm run bundle
• f721d0a Bump fast-xml-parser from 5.5.11 to 5.7.2
• 9f7a14e Merge pull request #985 from shogo82148/dependabot/github_actions/github/code...
• bdd130a Merge pull request #986 from shogo82148/dependabot/npm_and_yarn/eslint-10.3.0
• cb3fb11 Bump eslint from 10.2.1 to 10.3.0
• a359771 Bump github/codeql-action from 4.35.2 to 4.35.3
• de4100d Merge pull request #982 from shogo82148/dependabot/npm_and_yarn/typescript-es...
• 03ff5c6 Bump typescript-eslint from 8.59.0 to 8.59.1
• 758ae5b Merge pull request #975 from shogo82148/dependabot/npm_and_yarn/actions/core-...
• Additional commits viewable in compare view

Updates Songmu/tagpr from 1.18.2 to 1.18.3

Release notes

Sourced from Songmu/tagpr's releases.

v1.18.3

What's Changed

• Fix previous tag detection after switching from semver to calver by @​katutoshi in Songmu/tagpr#342
• build(deps): bump Songmu/tagpr from 1.17.1 to 1.18.2 by @​dependabot[bot] in Songmu/tagpr#343
• build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by @​dependabot[bot] in Songmu/tagpr#344

New Contributors

• @​katutoshi made their first contribution in Songmu/tagpr#342

Full Changelog: Songmu/tagpr@v1.18.2...v1.18.3

Changelog

Sourced from Songmu/tagpr's changelog.

Changelog

v1.18.3 - 2026-04-17

• Fix previous tag detection after switching from semver to calver by @​katutoshi in Songmu/tagpr#342
• build(deps): bump Songmu/tagpr from 1.17.1 to 1.18.2 by @​dependabot[bot] in Songmu/tagpr#343
• build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by @​dependabot[bot] in Songmu/tagpr#344

v1.18.2 - 2026-04-12

• fix: respect version labels in monorepo using --first-parent by @​Ito-Ryu in Songmu/tagpr#340

v1.18.1 - 2026-04-05

• Clear PR Base before Edit to avoid duplicate synchronize webhooks by @​178inaba in Songmu/tagpr#336

v1.18.0 - 2026-04-05

• build(deps): bump actions/setup-go from 6.2.0 to 6.3.0 by @​dependabot[bot] in Songmu/tagpr#322
• build(deps): bump Songmu/tagpr from 1.17.0 to 1.17.1 by @​dependabot[bot] in Songmu/tagpr#323
• build(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 by @​dependabot[bot] in Songmu/tagpr#325
• build(deps): bump actions/create-github-app-token from 2.2.1 to 3.0.0 by @​dependabot[bot] in Songmu/tagpr#327
• Add retry to latestPullRequest for commit-to-PR index race condition by @​babarot in Songmu/tagpr#333
• fix: CalVer not working correctly with zero-padded formats (fixes #320) by @​oharo3109 in Songmu/tagpr#321
• Ignore labels from Dependabot PRs in version determination by @​Songmu in Songmu/tagpr#334
• build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 by @​dependabot[bot] in Songmu/tagpr#331
• build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 by @​dependabot[bot] in Songmu/tagpr#332

v1.17.1 - 2026-02-25

• add gh2changelog/LICENSE by @​Songmu in Songmu/tagpr#313
• Fix PR description including already shipped PRs when using fixedMajorVersion by @​Konboi in Songmu/tagpr#317
• build(deps): bump Songmu/tagpr from 1.15.0 to 1.17.0 by @​dependabot[bot] in Songmu/tagpr#316
• update google/go-github from v82 to v83 by @​Songmu in Songmu/tagpr#319

v1.17.0 - 2026-02-14

• Add fixedMajorVersion option for multiple major version support by @​Konboi in Songmu/tagpr#296

v1.16.0 - 2026-02-14

• docs: improve README for labels and env vars by @​tokuhirom in Songmu/tagpr#300
• Use scoped release yaml path in github releases by @​wreulicke in Songmu/tagpr#304
• fix: latestSemverTag returns empty for zero-padded calver tags by @​k1LoW in Songmu/tagpr#303
• build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 by @​dependabot[bot] in Songmu/tagpr#305
• build(deps): bump github.com/Songmu/gitconfig from 0.2.1 to 0.2.2 by @​dependabot[bot] in Songmu/tagpr#299
• Migrate gh2changelog to monorepo as local submodule by @​Copilot in Songmu/tagpr#307
• Fix: validate tagPrefix in isTagPR for monorepo isolation by @​Copilot in Songmu/tagpr#311

v1.15.0 - 2026-02-01

• feat: allow tagpr.calendarVersioning to accept format string directly by @​k1LoW in Songmu/tagpr#295

v1.14.0 - 2026-01-29

• feat: scoped release configuration by @​wreulicke in Songmu/tagpr#291
• [fix] care nil ReleaseYAML by @​Songmu in Songmu/tagpr#293

v1.13.0 - 2026-01-29

... (truncated)

Commits

• 9bbb945 Merge pull request #347 from Songmu/tagpr-from-v1.18.2
• be7142b [tagpr] update CHANGELOG.md
• 5bc7cf2 [tagpr] prepare for the next release
• 40a60a0 Merge pull request #346 from Songmu/tagpr-from-gh2changelog-v0.7.2
• e0cba8a Merge pull request #344 from Songmu/dependabot/github_actions/actions/create-...
• 18b8a7f Merge pull request #343 from Songmu/dependabot/github_actions/Songmu/tagpr-1....
• 734f50c [tagpr] update CHANGELOG.md
• a4812cf [tagpr] prepare for the next release
• b11c1e3 Merge pull request #342 from katutoshi/fix/calver-previous-tag-detection
• f61e3fd build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
• Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 7.0.0 to 7.2.1

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.2.1

This fully removes the usage of the old nightly moving tag.

Full Changelog: goreleaser/goreleaser-action@v7.2.0...v7.2.1

v7.2.0

What's Changed

• test: cover install across release eras by @​caarlos0 in goreleaser/goreleaser-action#555
• feat: add version-file input by @​caarlos0 in goreleaser/goreleaser-action#556
• feat: resolve nightly to latest vX.Y.Z--nightly release by @​caarlos0 in goreleaser/goreleaser-action#558

Full Changelog: goreleaser/goreleaser-action@v7...v7.2.0

v7.1.0

What's Changed

• feat: verify release checksum and cosign signature by @​caarlos0 in goreleaser/goreleaser-action#550
• docs: document cosign verification in README by @​caarlos0 in goreleaser/goreleaser-action#553
• docs: Upgrade import GPG action version by @​flecno in goreleaser/goreleaser-action#547
• ci: drop docker-bake in favor of plain npm by @​caarlos0 in goreleaser/goreleaser-action#551
• ci: add release-major-tag workflow by @​caarlos0 in goreleaser/goreleaser-action#552
• ci: drop pre-cosign-v3 goreleaser versions from tests by @​caarlos0 in goreleaser/goreleaser-action#554
• ci(deps): bump the actions group with 2 updates by @​dependabot[bot] in goreleaser/goreleaser-action#543
• ci(deps): bump the actions group with 5 updates by @​dependabot[bot] in goreleaser/goreleaser-action#546
• chore(deps): bump undici from 6.23.0 to 6.24.1 by @​dependabot[bot] in goreleaser/goreleaser-action#545

New Contributors

• @​flecno made their first contribution in goreleaser/goreleaser-action#547

Full Changelog: goreleaser/goreleaser-action@v7...v7.1.0

Commits

• 1a80836 ci(nightly): pass GITHUB_TOKEN to nightly integration job
• a71152e refactor: drop legacy 'nightly' tag fallback
• 4c6ab56 feat: resolve nightly to latest vX.Y.Z-<sha>-nightly release (#558)
• 4f96abf feat: add version-file input (#556)
• 15fa2a9 test: cover install across release eras (#555)
• e24998b ci: drop pre-cosign-v3 goreleaser versions from tests (#554)
• be2e8a3 docs: document cosign verification in README (#553)
• 5e53f8e ci: add release-major-tag workflow (#552)
• 4068afa build: drop docker-bake in favor of plain npm (#551)
• 213ec80 docs: add CONTRIBUTING with pre-commit workflow
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Code Metrics Report

	main (38d7305)	#519 (df64820)	+/-
Coverage	33.7%	33.7%	0.0%
Code to Test Ratio	1:0.9	1:0.9	0.0
Test Execution Time	11s	10s	-1s

Details

  |                     | main (38d7305) | #519 (df64820) | +/-  |
  |---------------------|----------------|----------------|------|
  | Coverage            |          33.7% |          33.7% | 0.0% |
  |   Files             |             31 |             31 |    0 |
  |   Lines             |           3407 |           3407 |    0 |
  |   Covered           |           1151 |           1151 |    0 |
  | Code to Test Ratio  |          1:0.9 |          1:0.9 |  0.0 |
  |   Code              |           7022 |           7022 |    0 |
  |   Test              |           6578 |           6578 |    0 |
+ | Test Execution Time |            11s |            10s |  -1s |

---

Reported by octocov