[PR #103] chore(deps): bump zizmor from 1.23.1 to 1.24.1 #544

Open
opened 2026-05-11 08:47:58 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/vavkamil/awesome-bugbounty-tools/pull/103
Author: @dependabot[bot]
Created: 5/1/2026
Status: 🔄 Open

Base: mainHead: dependabot/pip/zizmor-1.24.1


📝 Commits (1)

  • 12515d9 chore(deps): bump zizmor from 1.23.1 to 1.24.1

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 requirements.txt (+1 -1)

📄 Description

Bumps zizmor from 1.23.1 to 1.24.1.

Release notes

Sourced from zizmor's releases.

v1.24.1

Bug Fixes 🐛🔗

  • Fixed a bug where the ref-version-mismatch audit would incorrectly flag some version comments as not containing an appropriate version (#1900)

v1.24.0

New Features 🌈🔗

  • zizmor now allows users to audit from stdin, by passing zizmor - (#1611)

Enhancements 🌱🔗

  • The use-trusted-publishing audit now detects bun publish and bunx npm publish patterns (#1737)

    Many thanks to @​shaanmajid for proposing and implementing this improvement!

  • zizmor's CLI help and usage output now uses a custom color scheme for improved readability (#1747)

  • The secrets-outside-env audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (#1759)

    Many thanks to @​rmuir for proposing and implementing this improvement!

  • The dependabot-cooldown audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (#1780)

  • Recommend gh release upload as a replacement for svenstaro/upload-release-action in superfluous-actions (#1801)

  • Recommend gh issue create as a replacement for dacbd/create-issue-action in superfluous-actions (#1873)

  • The obfuscation audit now emits a finding for with: ${{ expr }} clauses cannot be analyzed (#1772)

  • zizmor --help is now rendered with option groups for improved readability (#1831)

    Many thanks to @​deckstose for implementing this improvement!

  • zizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (#1843)

  • The ref-version-mismatch audit now uses a more useful audit description for its findings (#1843)

  • The unpinned-images audit now produces more precise findings for image references that are computed through expressions (#1756)

    Many thanks to @​miketheman for implementing this improvement!

  • The ref-version-mismatch audit now detects missing version comments as well (#1849)

    Many thanks to @​shaanmajid for proposing and implementing this improvement!

Bug Fixes 🐛🔗

  • Fixed a bug where the concurrency-limits audit reported findings at the job level instead of the workflow level (#1627)

... (truncated)

Changelog

Sourced from zizmor's changelog.

1.24.1

Bug Fixes 🐛

  • Fixed a bug where the [ref-version-mismatch] audit would incorrectly flag some version comments as not containing an appropriate version (#1900)

1.24.0

New Features 🌈

  • zizmor now allows users to audit from stdin, by passing zizmor - (#1611)

Enhancements 🌱

  • The [use-trusted-publishing] audit now detects bun publish and bunx npm publish patterns (#1737)

    Many thanks to @​shaanmajid for proposing and implementing this improvement!

  • zizmor's CLI help and usage output now uses a custom color scheme for improved readability (#1747)

  • The [secrets-outside-env] audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (#1759)

    Many thanks to @​rmuir for proposing and implementing this improvement!

  • The [dependabot-cooldown] audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (#1780)

  • Recommend gh release upload as a replacement for @​svenstaro/upload-release-action in [superfluous-actions] (#1801)

  • Recommend gh issue create as a replacement for @​dacbd/create-issue-action in [superfluous-actions] (#1873)

  • The [obfuscation] audit now emits a finding for with: ${{ expr }} clauses cannot be analyzed (#1772)

  • zizmor --help is now rendered with option groups for improved readability (#1831)

    Many thanks to @​deckstose for implementing this improvement!

  • zizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (#1843)

  • The [ref-version-mismatch] audit now uses a more useful audit description

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/vavkamil/awesome-bugbounty-tools/pull/103 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 5/1/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `dependabot/pip/zizmor-1.24.1` --- ### 📝 Commits (1) - [`12515d9`](https://github.com/vavkamil/awesome-bugbounty-tools/commit/12515d9947886da60e42105777ccf5e9cfe4c3b3) chore(deps): bump zizmor from 1.23.1 to 1.24.1 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `requirements.txt` (+1 -1) </details> ### 📄 Description Bumps [zizmor](https://github.com/zizmorcore/zizmor) from 1.23.1 to 1.24.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/zizmorcore/zizmor/releases">zizmor's releases</a>.</em></p> <blockquote> <h2>v1.24.1</h2> <h2>Bug Fixes 🐛<a href="https://docs.zizmor.sh/release-notes/#bug-fixes">🔗</a></h2> <ul> <li>Fixed a bug where the <a href="https://docs.zizmor.sh/audits/#ref-version-mismatch">ref-version-mismatch</a> audit would incorrectly flag some version comments as not containing an appropriate version (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1900">#1900</a>)</li> </ul> <h2>v1.24.0</h2> <h2>New Features 🌈<a href="https://docs.zizmor.sh/release-notes/#new-features">🔗</a></h2> <ul> <li>zizmor now allows users to audit from stdin, by passing zizmor - (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1611">#1611</a>)</li> </ul> <h2>Enhancements 🌱<a href="https://docs.zizmor.sh/release-notes/#enhancements">🔗</a></h2> <ul> <li> <p>The <a href="https://docs.zizmor.sh/audits/#use-trusted-publishing">use-trusted-publishing</a> audit now detects bun publish and bunx npm publish patterns (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1737">#1737</a>)</p> <p>Many thanks to <a href="https://github.com/shaanmajid"><code>@​shaanmajid</code></a> for proposing and implementing this improvement!</p> </li> <li> <p>zizmor's CLI help and usage output now uses a custom color scheme for improved readability (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1747">#1747</a>)</p> </li> <li> <p>The <a href="https://docs.zizmor.sh/audits/#secrets-outside-env">secrets-outside-env</a> audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1759">#1759</a>)</p> <p>Many thanks to <a href="https://github.com/rmuir"><code>@​rmuir</code></a> for proposing and implementing this improvement!</p> </li> <li> <p>The <a href="https://docs.zizmor.sh/audits/#dependabot-cooldown">dependabot-cooldown</a> audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1780">#1780</a>)</p> </li> <li> <p>Recommend gh release upload as a replacement for <a href="https://github.com/svenstaro/upload-release-action">svenstaro/upload-release-action</a> in <a href="https://docs.zizmor.sh/audits/#superfluous-actions">superfluous-actions</a> (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1801">#1801</a>)</p> </li> <li> <p>Recommend gh issue create as a replacement for <a href="https://github.com/dacbd/create-issue-action">dacbd/create-issue-action</a> in <a href="https://docs.zizmor.sh/audits/#superfluous-actions">superfluous-actions</a> (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1873">#1873</a>)</p> </li> <li> <p>The <a href="https://docs.zizmor.sh/audits/#obfuscation">obfuscation</a> audit now emits a finding for with: ${{ expr }} clauses cannot be analyzed (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1772">#1772</a>)</p> </li> <li> <p>zizmor --help is now rendered with option groups for improved readability (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1831">#1831</a>)</p> <p>Many thanks to <a href="https://github.com/deckstose"><code>@​deckstose</code></a> for implementing this improvement!</p> </li> <li> <p>zizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1843">#1843</a>)</p> </li> <li> <p>The <a href="https://docs.zizmor.sh/audits/#ref-version-mismatch">ref-version-mismatch</a> audit now uses a more useful audit description for its findings (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1843">#1843</a>)</p> </li> <li> <p>The <a href="https://docs.zizmor.sh/audits/#unpinned-images">unpinned-images</a> audit now produces more precise findings for image references that are computed through expressions (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1756">#1756</a>)</p> <p>Many thanks to <a href="https://github.com/miketheman"><code>@​miketheman</code></a> for implementing this improvement!</p> </li> <li> <p>The <a href="https://docs.zizmor.sh/audits/#ref-version-mismatch">ref-version-mismatch</a> audit now detects missing version comments as well (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1849">#1849</a>)</p> <p>Many thanks to <a href="https://github.com/shaanmajid"><code>@​shaanmajid</code></a> for proposing and implementing this improvement!</p> </li> </ul> <h2>Bug Fixes 🐛<a href="https://docs.zizmor.sh/release-notes/#bug-fixes">🔗</a></h2> <ul> <li>Fixed a bug where the <a href="https://docs.zizmor.sh/audits/#concurrency-limits">concurrency-limits</a> audit reported findings at the job level instead of the workflow level (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1627">#1627</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/zizmorcore/zizmor/blob/main/docs/release-notes.md">zizmor's changelog</a>.</em></p> <blockquote> <h2>1.24.1</h2> <h3>Bug Fixes 🐛</h3> <ul> <li>Fixed a bug where the [ref-version-mismatch] audit would incorrectly flag some version comments as not containing an appropriate version (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1900">#1900</a>)</li> </ul> <h2>1.24.0</h2> <h3>New Features 🌈</h3> <ul> <li><code>zizmor</code> now allows users to audit from stdin, by passing <code>zizmor -</code> (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1611">#1611</a>)</li> </ul> <h3>Enhancements 🌱</h3> <ul> <li> <p>The [use-trusted-publishing] audit now detects <code>bun publish</code> and <code>bunx npm publish</code> patterns (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1737">#1737</a>)</p> <p>Many thanks to <a href="https://github.com/shaanmajid"><code>@​shaanmajid</code></a> for proposing and implementing this improvement!</p> </li> <li> <p><code>zizmor</code>'s CLI help and usage output now uses a custom color scheme for improved readability (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1747">#1747</a>)</p> </li> <li> <p>The [secrets-outside-env] audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1759">#1759</a>)</p> <p>Many thanks to <a href="https://github.com/rmuir"><code>@​rmuir</code></a> for proposing and implementing this improvement!</p> </li> <li> <p>The [dependabot-cooldown] audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1780">#1780</a>)</p> </li> <li> <p>Recommend <code>gh release upload</code> as a replacement for <code>@​svenstaro/upload-release-action</code> in [superfluous-actions] (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1801">#1801</a>)</p> </li> <li> <p>Recommend <code>gh issue create</code> as a replacement for <code>@​dacbd/create-issue-action</code> in [superfluous-actions] (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1873">#1873</a>)</p> </li> <li> <p>The [obfuscation] audit now emits a finding for <code>with: ${{ expr }}</code> clauses cannot be analyzed (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1772">#1772</a>)</p> </li> <li> <p><code>zizmor --help</code> is now rendered with option groups for improved readability (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1831">#1831</a>)</p> <p>Many thanks to <a href="https://github.com/deckstose"><code>@​deckstose</code></a> for implementing this improvement!</p> </li> <li> <p>zizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1843">#1843</a>)</p> </li> <li> <p>The [ref-version-mismatch] audit now uses a more useful audit description</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/zizmorcore/zizmor/commit/2eaf42bcccfed62978cee0905902acbc294d5123"><code>2eaf42b</code></a> ref-version-mismatch: handle version comments without v prefix (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1900">#1900</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor/commit/a3b72b8f26946fd057c016d5ec83b77cc4cfdad2"><code>a3b72b8</code></a> chore(deps): bump the github-actions group with 3 updates (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1897">#1897</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor/commit/d5aba605f4267b96e34775de183955ff0a3197ad"><code>d5aba60</code></a> zizmor v1.24.0 (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1890">#1890</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor/commit/1e762ac3c0354d68ddcac0ccc0af6879e8b38aa6"><code>1e762ac</code></a> zizmor v1.24.0-rc3 (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1889">#1889</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor/commit/b79c9dc84c096d6c7becabd9581c61c9347bf4f7"><code>b79c9dc</code></a> Fix release CI (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1888">#1888</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor/commit/eb113ad5c5f8c25c79dd0b4705d420096a35ba2d"><code>eb113ad</code></a> Unify crate versions and publishing (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1887">#1887</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor/commit/91bcb96244214bea0d62982fba3bc825f9604af9"><code>91bcb96</code></a> Use the GitHub client's host correctly in two more places (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1881">#1881</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor/commit/3ed8316a1ce22a3f9c887c1021992ca19d31dce4"><code>3ed8316</code></a> chore: use <code>tracing</code> for printing the welcome message (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1886">#1886</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor/commit/484acedf381a7553f663309b44def3b7953fb4d8"><code>484aced</code></a> feat(ref-version-mismatch): detect missing version comments on SHA-pinned act...</li> <li><a href="https://github.com/zizmorcore/zizmor/commit/7ee374f5db0b69b96ef4f7ba89d0c33c8a93a7ba"><code>7ee374f</code></a> KATs for GitHub Actions expressions (<a href="https://redirect.github.com/zizmorcore/zizmor/issues/1857">#1857</a>)</li> <li>Additional commits viewable in <a href="https://github.com/zizmorcore/zizmor/compare/v1.23.1...v1.24.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmor&package-manager=pip&previous-version=1.23.1&new-version=1.24.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-11 08:47:58 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/awesome-bugbounty-tools#544