chore(deps): bump the github-actions group with 4 updates #306

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/github-actions-293f6bf727

dependabot Bot commented on behalf of github Jun 23, 2026

Bumps the github-actions group with 4 updates: bnjbvr/cargo-machete, trufflesecurity/trufflehog, ruby/setup-ruby and taiki-e/install-action.

Updates bnjbvr/cargo-machete from f447148733f2e2d3d9f2a4e4ae2b88a9d11f6298 to d40d1e3265e4161d599ebb902eb9892faf769f6e

Changelog

Sourced from bnjbvr/cargo-machete's changelog.

unreleased

  • Improved: add renamed table to track renamed crates (#152 #153).

0.7.0 (released on 2024-09-25)

  • Breaking change: Don't search in ignored files (those specified in .ignore/.gitignore) by default. It's possible to use --no-ignore to search in these directories by default (#137).
  • Improved: fix false positives for multi dependencies single use statements (#120). This improves precision at the cost of a small performance hit.
  • Improved: make usage of --with-metadata more accurate (#122, #132).
  • Improved: instead of displaying . for the current directory, cargo-machete will now display this directory (#109).
  • Added: There's now an automated docker image build that publishes to the github repository (#121).
  • Added: --ignore flag which makes cargo-machete respect .ignore and .gitignore files when searching for files (#95).

0.6.2 (released on 2024-03-24)

  • Added: shorter display when scanning the current directory (#109).
  • Fix: adapt to latest pkgid specification, so as not to crash with --with-metadata (#106).

0.6.1 (released on 2024-02-21)

  • Chore: bump major dependencies, to fix parsing issues of Cargo.toml files (#101, #105).

0.6.0 (released on 2023-09-23)

  • Breaking/improved: match against crate name case-insensitive (#69).
  • Added: Github action (#85). See README for documentation.
  • Added: support for ignored workspace dependencies (#57, #86). See README for documentation.
  • Added: --version switch to print the version (#66).
  • Fix: avoid searching for workspace Cargo.toml longer than needed (#84).
  • Chore: better documentation and reporting (#63, #72, #80).

0.5.0 (released on 2022-11-15)

  • Breaking: Use argh for parsing. Now, paths of directories to scan must be passed in the last position, when running from the command line (#51).
  • Fix rare false positive and speed up most common case (#53).
  • Fix loading properties from workspace (#54).

0.4.0 (released on 2022-10-16)

  • Added --skip-target-dir to not analyze target/ directories.
  • Added a message indicating if any unused dependencies were found or not.
  • Support for workspace properties

0.3.1 (released on 2022-06-12)

  • Support empty global prefix, e.g. use ::log;.

0.3.0 (released on 2022-05-09)

... (truncated)

Commits
  • d40d1e3 build(deps): bump log from 0.4.32 to 0.4.33
  • 2ad6d99 build(deps): bump actions/checkout from 6 to 7
  • See full diff in compare view

Updates trufflesecurity/trufflehog from 9b6b5326bfe25dbd856eccc8a8275eb5dea7bd52 to 092db2aa9d836cdc0bb2c9fcc93435d026e14d0c

Commits
  • 092db2a Fix GitHub App cross-org member enumeration using per-installation tokens (#4...
  • See full diff in compare view

Updates ruby/setup-ruby from 1.313.0 to 1.314.0

Release notes

Sourced from ruby/setup-ruby's releases.

v1.314.0

What's Changed

Full Changelog: ruby/setup-ruby@v1.313.0...v1.314.0

Commits
  • 9eb537c Add support for ubuntu-26.04 and ubuntu-26.04-arm
  • e1a3b10 Improve versions-strings-for-builder.rb
  • 0df5288 Remove gem install sassc on Windows JRuby
  • See full diff in compare view

Updates taiki-e/install-action from 2.82.1 to 2.82.2

Release notes

Sourced from taiki-e/install-action's releases.

2.82.2

  • Update xh@latest to 0.26.1.

  • Update uv@latest to 0.11.23.

  • Update trivy@latest to 0.71.2.

  • Update sccache@latest to 0.16.0.

Changelog

Sourced from taiki-e/install-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

[2.82.2] - 2026-06-21

  • Update xh@latest to 0.26.1.

  • Update uv@latest to 0.11.23.

  • Update trivy@latest to 0.71.2.

  • Update sccache@latest to 0.16.0.

[2.82.1] - 2026-06-20

  • Update vacuum@latest to 0.29.4.

  • Update uv@latest to 0.11.22.

  • Update osv-scanner@latest to 2.4.0.

  • Update mise@latest to 2026.6.11.

  • Update martin@latest to 1.11.0.

  • Update just@latest to 1.53.0.

  • Update cargo-zigbuild@latest to 0.23.0.

[2.82.0] - 2026-06-17

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note

Bump GitHub Actions dependencies across CI workflows

Updates pinned commit SHAs for four GitHub Actions used in CI: trufflesecurity/trufflehog, bnjbvr/cargo-machete, ruby/setup-ruby, and taiki-e/install-action. No behavior changes — these are routine dependency bumps to pick up upstream fixes and improvements.

Macroscope summarized 3d96621.

Bumps the github-actions group with 4 updates: [bnjbvr/cargo-machete](https://github.com/bnjbvr/cargo-machete), [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog), [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [taiki-e/install-action](https://github.com/taiki-e/install-action).


Updates `bnjbvr/cargo-machete` from f447148733f2e2d3d9f2a4e4ae2b88a9d11f6298 to d40d1e3265e4161d599ebb902eb9892faf769f6e
- [Release notes](https://github.com/bnjbvr/cargo-machete/releases)
- [Changelog](https://github.com/bnjbvr/cargo-machete/blob/main/CHANGELOG.md)
- [Commits](bnjbvr/cargo-machete@f447148...d40d1e3)

Updates `trufflesecurity/trufflehog` from 9b6b5326bfe25dbd856eccc8a8275eb5dea7bd52 to 092db2aa9d836cdc0bb2c9fcc93435d026e14d0c
- [Release notes](https://github.com/trufflesecurity/trufflehog/releases)
- [Commits](trufflesecurity/trufflehog@9b6b532...092db2a)

Updates `ruby/setup-ruby` from 1.313.0 to 1.314.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@89f9052...9eb537c)

Updates `taiki-e/install-action` from 2.82.1 to 2.82.2
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](taiki-e/install-action@8b3c737...9e1e580)

---
updated-dependencies:
- dependency-name: bnjbvr/cargo-machete
  dependency-version: d40d1e3265e4161d599ebb902eb9892faf769f6e
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: trufflesecurity/trufflehog
  dependency-version: '092db2aa9d836cdc0bb2c9fcc93435d026e14d0c'
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: ruby/setup-ruby
  dependency-version: 1.314.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: taiki-e/install-action
  dependency-version: 2.82.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies label Jun 23, 2026

dependabot Bot commented on behalf of github Jun 23, 2026

Labels

The following labels could not be found: security. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot Bot requested a review from KooshaPari as a code owner June 23, 2026 03:43

codeant-ai Bot commented Jun 23, 2026

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

@github-actions

🔒 Snyk Security Scan Results

Snyk vulnerability scan completed. View results in GitHub Code Scanning dashboard.

kilo-code-bot Bot commented Jun 24, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (5 files)
  • .github/workflows/cargo-machete.yml
  • .github/workflows/sast-full.yml
  • .github/workflows/sast-quick.yml
  • .github/workflows/sbom.yml
  • .github/workflows/trufflehog.yml

Reviewed by step-3.7-flash · Input: 88.2K · Output: 4K · Cached: 164.2K
