Update pre-commit

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
macisamuele/language-formatters-pre-commit-hooks	repository	minor	v2.15.0 → v2.16.0
python-jsonschema/check-jsonschema	repository	minor	0.35.0 → 0.37.2
rhysd/actionlint	repository	patch	v1.7.9 → v1.7.12
woodruffw/zizmor-pre-commit	repository	minor	v1.18.0 → v1.25.2

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

macisamuele/language-formatters-pre-commit-hooks (macisamuele/language-formatters-pre-commit-hooks)

v2.16.0

Compare Source

python-jsonschema/check-jsonschema (python-jsonschema/check-jsonschema)

v0.37.2

Compare Source

• Update vendored schemas: bitbucket-pipelines, buildkite, circle-ci, dependabot,
  drone-ci, github-actions, github-issue-forms, github-workflows, gitlab-ci, meltano,
  mergify, readthedocs, renovate, taskfile, woodpecker-ci (2026-05-02)

v0.37.1

Compare Source

• Update vendored schemas: buildkite, circle-ci, dependabot, github-workflows,
  gitlab-ci, mergify, readthedocs, renovate, woodpecker-ci (2026-03-25)
• Add Changie.dev schema and pre-commit hook. Thanks :user:edgarrmondragon! (:pr:662)

v0.37.0

Compare Source

• Update vendored schemas: bamboo-spec, bitbucket-pipelines, circle-ci, gitlab-ci,
  mergify, renovate, woodpecker-ci (2026-02-26)
• Removed support for Python 3.9
• Verbose text output has been adjusted. At the first verbosity level (-v),
  all errors are reported but the checked filenames are no longer displayed. The
  list of filenames checked is now emitted at the second verbosity level (-vv)
  and above. (:issue:648)
• check-jsonschema's sdist contents are now validated with check-sdist, and missing
  files have been added.

v0.36.2

Compare Source

• Update vendored schemas: circle-ci, gitlab-ci, mergify, renovate, snapcraft,
  woodpecker-ci (2026-02-15)

v0.36.1

Compare Source

• Update vendored schemas: buildkite, circle-ci, dependabot, github-issue-forms,
  github-workflows, gitlab-ci, mergify, readthedocs, renovate, snapcraft, taskfile
  (2026-01-25)

v0.36.0

Compare Source

• Update vendored schemas: bitbucket-pipelines, buildkite, circle-ci, dependabot,
  gitlab-ci, mergify, readthedocs, renovate, snapcraft (2025-12-14)
• Add GitHub Discussion category forms schema and pre-commit hook. Thanks :user:edgarrmondragon! (:pr:626)

rhysd/actionlint (rhysd/actionlint)

v1.7.12

Compare Source

• Support the timezone configuration in on.schedule with checks for IANA timezone string. See the documentation for more details. Note that actionlint starts to embed the timezone database in the executables from this version so the binary sizes slightly increase. (#​641, thanks @​martincostello)

  on:
    schedule:
      # ERROR: The timezone is not a valid IANA timezone string
      - cron: '*/5 * * * *'
        timezone: 'Asia/Somewhere'

• Support the jobs.<job_name>.environment.deployment configuration. (#​639, thanks @​springmeyer)
• Support the macos-26-intel runner label. (#​629, thanks @​hugovk)
• Fix the table of webhook activity types are outdated by rebuilding the script to scrape the table from scratch.
• Support Go 1.26 and drop the support for Go 1.24. Now supported versions are 1.25 and 1.26.
• Tests are run on arm64 Windows in CI.
• Update the popular actions data set to the latest.

[Changes][v1.7.12]

v1.7.11

Compare Source

• Support the case() function in ${{ }} expressions which was recently added to GitHub Actions. (#​612, #​614, thanks @​heppu)

  env:
    # ERROR: case() requires an odd number of arguments
    ENVIRONMENT: |-
      ${{ case(
        github.ref == 'refs/heads/main', 'production',
        github.ref == 'refs/heads/staging', 'staging'
      ) }}

• Support new macos-26-large and windows-2025-vs2026 runner labels. See the GitHub's announce for more details. (#​615, thanks @​hugovk and @​muzimuzhi)
• Enable Artifact attestations for the released binaries. From v1.7.11 gh command can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (#​608, thanks @​takaram)

  $ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11
  $ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz
  Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz
  Loaded 1 attestation from GitHub API
  
  The following policy criteria will be enforced:
  - Predicate type must match:................ https://slsa.dev/provenance/v1
  - Source Repository Owner URI must match:... https://github.com/rhysd
  - Source Repository URI must match:......... https://github.com/rhysd/actionlint
  - Subject Alternative Name must match regex: (?i)^https://github.com/rhysd/actionlint/
  - OIDC Issuer must match:................... https://token.actions.githubusercontent.com
  
  ✓ Verification succeeded!
  
  The following 1 attestation matched the policy criteria
  
  - Attestation #​1
    - Build repo:..... rhysd/actionlint
    - Build workflow:. .github/workflows/release.yaml@refs/tags/v1.7.11
    - Signer repo:.... rhysd/actionlint
    - Signer workflow: .github/workflows/release.yaml@refs/tags/v1.7.11

• Report path filters with ./ because they never match anything. (#​521)

  on:
    push:
      paths:
        # ERROR: This never matches anything. `foo/bar.txt` is correct.
        - ./foo/bar.txt

• Fix comparing matrix items when an item is a super set of another item. (#​523, #​613, thanks @​michaelgruenewald)
• Fix stack overflow crash by a recursive anchor in matrix items. (#​610)
• Fix a unassigned variable false positive from shellcheck by disabling SC2153 rule. (#​573)
• Reduce the number of memory allocations on resolving anchors.
• Update the popular actions data set to the latest.
• Update Go dependencies to the latest.
• Remove legacy Homebrew formula in rhysd/actionlint repository in favor of the cask package. Note that this change does not affect Homebrew's official formula.
• Add a link to the release page of the version in the playground.

[Changes][v1.7.11]

v1.7.10

Compare Source

• Support YAML anchors and aliases (&anchor and *anchor) in workflow files. In addition to parsing YAML anchors correctly, actionlint checks unused and undefined anchors. See the document for more details. (#​133, thanks @​srz-zumix for the initial implementation at #​568 and @​alexaandru for trying another approach at #​557)

  jobs:
    test:
      runs-on: ubuntu-latest
      services:
        nginx:
          image: nginx:latest
          credentials: &credentials
            username: ${{ secrets.user }}
            password: ${{ secrets.password }}
      steps:
        - run: ./download.sh
          # OK: Valid alias to &credentials
          env: *credentials
        - run: ./check.sh
          # ERROR: Undefined anchor 'credential'
          env: *credential
        - run: ./upload.sh
          # ERROR: Unused anchor 'credentials'
          env: &credentials

• Remove support for *-xl macOS runner labels because they were dropped. (#​592, thanks @​muzimuzhi)
• Remove support for the macOS 13 runner labels because they were dropped on Dec 4, 2025. (#​593, thanks @​muzimuzhi)
  • macos-13
  • macos-13-large
  • macos-13-xlarge
• Increase the maximum number of inputs in the workflow_dispatch event from 10 to 25 because the limitation was recently relaxed. (#​598, thanks @​Haegi)
• Support artifact-metadata permission for workflow permissions. (#​602, thanks @​martincostello)
• Detect more complicated constants at if: conditions as error. See the rule document for more details.
• Refactor the workflow parser with Go iterators. This slightly improves the performance and memory usage.
• Fix parsing extra { and } characters in format string of format() function call. For example v1.7.9 didn't parse "{{0} {1} {2}}" correctly.
• Detect an invalid value at type in workflow call inputs as error.
• Report YAML merge key << as error because GitHub Actions doesn't support the syntax.
• Check available contexts in expressions at jobs.<job_id>.snapshot.if.

  snapshot:
    image-name: my-custom-image
    # ERROR: `env` context is not allowed here
    if: ${{ env.USE_SNAPSHOT == 'true' }}

• Fix the instruction to install actionlint with mise in the installation document. (#​591, thanks @​risu729)
• Update the popular actions data set to the latest to include new major versions of the actions.

[Changes][v1.7.10]

woodruffw/zizmor-pre-commit (woodruffw/zizmor-pre-commit)

v1.25.2

Compare Source

See: https://github.com/zizmorcore/zizmor/releases/tag/v1.25.2

v1.25.1

Compare Source

See: https://github.com/zizmorcore/zizmor/releases/tag/v1.25.1

v1.25.0

Compare Source

See: https://github.com/zizmorcore/zizmor/releases/tag/v1.25.0

v1.24.1

Compare Source

See: https://github.com/zizmorcore/zizmor/releases/tag/v1.24.1

v1.24.0

Compare Source

See: https://github.com/zizmorcore/zizmor/releases/tag/v1.24.0

v1.23.1

Compare Source

See: https://github.com/zizmorcore/zizmor/releases/tag/v1.23.1

v1.23.0

Compare Source

See: https://github.com/zizmorcore/zizmor/releases/tag/v1.23.0

v1.22.0

Compare Source

See: https://github.com/zizmorcore/zizmor/releases/tag/v1.22.0

v1.21.0

Compare Source

See: https://github.com/zizmorcore/zizmor/releases/tag/v1.21.0

v1.20.0

Compare Source

See: https://github.com/zizmorcore/zizmor/releases/tag/v1.20.0

v1.19.0

Compare Source

See: https://github.com/zizmorcore/zizmor/releases/tag/v1.19.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.39%. Comparing base (0f3c0ce) to head (86ac21b).

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #129      +/-   ##
==========================================
+ Coverage   91.96%   92.39%   +0.42%     
==========================================
  Files           7        7              
  Lines         647      644       -3     
==========================================
  Hits          595      595              
+ Misses         52       49       -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.