Bump the "tooling" group with 2 updates across multiple ecosystems

[dependabot]

Bumps the tooling group with 1 update: lizard.

Updates lizard from 1.21.2 to 1.22.1

Changelog

Sourced from lizard's changelog.

1.22.1

Bug Fixes

• TypeScript: prevent IndexError when parsing nested template literals (issue #471, PR #472)

1.22.0

Improvements

• TypeScript, TSX, and JSX — parsing and metrics are much closer to real code (PRs #467, #468):
  • TSX/JSX use the same TypeScriptStates path as .ts (tokenizer-only layer for JSX), so class methods and CCN are no longer wrong or double-counted.
  • Skips that reduce false functions: interface { … } method signatures, type … = value types, abstract method declarations without bodies; ES2022 private names #foo in tokenization; smarter parameters (type keyword noise, commas inside Map<…>, etc.).
  • Class field arrows (handleClick = () => {}) are reported under the field name instead of (anonymous); better call vs definition and class-body cases (typed fields, static / async fields, LWC-style async x => fields, field = CONST.PROP;, JSX attribute expressions).

1.21.7

Bug Fixes

• Java: treat record as a contextual keyword (field and method name record are no longer parsed as a record class); track brace depth for field array/object initializers so = { } does not end the class body before a static block (issue #470)

1.21.6

Improvements

• Release workflow: clarify how PyPI matches trusted publishers (repository owner id, workflow file, environment); add optional PYPI_API_TOKEN secret for token-based upload when OIDC is not used

1.21.5

Improvements

• Release workflow: publish to PyPI without a GitHub Environment so trusted publishing matches PyPI’s default GitHub publisher settings (owner, repository, release.yml, empty environment name)

1.21.4

Bug Fixes

• Fix Java parsing when a field initializer uses a class literal (Type.class), which could mis-parse the next method (e.g. catch treated as a method name) (issue #469)
• Fix Java static initializer blocks (static { ... }) so control-flow keywords inside the block are not counted as methods (issue #469)
• Fix Java double-brace anonymous classes (new Foo() {{ ... }}) so instance-initializer bodies are not parsed as class methods (issue #469)

1.21.3

Bug Fixes

• Fix Java annotations with parenthesized arguments (e.g. @Transactional(rollbackFor = Exception.class)) being parsed as methods and corrupting complexity (issue #463)

Commits

• f5172b1 Release 1.22.1
• 8eb1070 Fix pycodestyle W291/W293 in language readers.
• 76758b4 Merge pull request #472 from daruandris/fix/typescript-duplicate-empty-token
• 35f9273 fix: prevent IndexError on nested TypeScript template literals (fixes #471)
• c4d9a60 Release 1.22.0
• 7bb086c Fix builtin callable filter and generic param handling
• 60e7f11 Name class field arrow functions by their field name
• a43814c Add TS enhancements: interface skip, abstract, #private, param filter
• c353ac8 Add TypeScript tests for dot-property field assignment fix
• b515032 Clean up dead code and minor issues from review
• Additional commits viewable in compare view

Bumps the tooling group with 3 updates: dorny/paths-filter, actions/github-script and hashicorp/setup-terraform.

Updates dorny/paths-filter from 3 to 4

Release notes

Sourced from dorny/paths-filter's releases.

v4.0.0

What's Changed

• feat: update action runtime to node24 by @​saschabratton in dorny/paths-filter#294

New Contributors

• @​saschabratton made their first contribution in dorny/paths-filter#294

Full Changelog: dorny/paths-filter@v3.0.3...v4.0.0

v3.0.3

What's Changed

• Add missing predicate-quantifier by @​wardpeet in dorny/paths-filter#279

New Contributors

• @​wardpeet made their first contribution in dorny/paths-filter#279

Full Changelog: dorny/paths-filter@v3...v3.0.3

v3.0.2

What's Changed

• feat: add config parameter for predicate quantifier by @​petermetz in dorny/paths-filter#224

New Contributors

• @​petermetz made their first contribution in dorny/paths-filter#224

Full Changelog: dorny/paths-filter@v3...v3.0.2

v3.0.1

What's Changed

• Compare base and ref when token is empty by @​frouioui in dorny/paths-filter#133

New Contributors

• @​frouioui made their first contribution in dorny/paths-filter#133

Full Changelog: dorny/paths-filter@v3...v3.0.1

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v4.0.0

• Update action runtime to node24

v3.0.3

• Add missing predicate-quantifier

v3.0.2

• Add config parameter for predicate quantifier

v3.0.1

• Compare base and ref when token is empty

v3.0.0

• Update to Node.js 20
• Update all dependencies

v2.11.1

• Update @​actions/core to v1.10.0 - Fixes warning about deprecated set-output
• Document need for pull-requests: read permission
• Updating to actions/checkout@v3

v2.11.0

• Set list-files input parameter as not required
• Update Node.js
• Fix incorrect handling of Unicode characters in exec()
• Use Octokit pagination
• Updates real world links

v2.10.2

• Fix getLocalRef() returns wrong ref

v2.10.1

• Improve robustness of change detection

v2.10.0

• Add ref input parameter
• Fix change detection in PR when pullRequest.changed_files is incorrect

v2.9.3

• Fix change detection when base is a tag

v2.9.2

• Fix fetching git history

v2.9.1

• Fix fetching git history + fallback to unshallow repo

v2.9.0

... (truncated)

Commits

• fbd0ab8 feat: add merge_group event support
• efb1da7 feat: add dist/ freshness check to PR workflow
• d8f7b06 Merge pull request #302 from dorny/issue-299
• addbc14 Update README for v4
• 9d7afb8 Update CHANGELOG for v4.0.0
• 782470c Merge branch 'releases/v3'
• ce10459 Merge pull request #294 from saschabratton/master
• 5f40380 feat: update action runtime to node24
• See full diff in compare view

Updates actions/github-script from 8 to 9

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

• getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
• Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

• require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
• getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
• If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

• Add ACTIONS_ORCHESTRATION_ID to user-agent string by @​Copilot in actions/github-script#695
• ci: use deployment: false for integration test environments by @​salmanmkc in actions/github-script#712
• feat!: add getOctokit to script context, upgrade @​actions/github v9, @​octokit/core v7, and related packages by @​salmanmkc in actions/github-script#700

New Contributors

• @​Copilot made their first contribution in actions/github-script#695

Full Changelog: actions/github-script@v8.0.0...v9.0.0

Commits

• 3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
• ca10bbd fix: use @​octokit/core/types import for v7 compatibility
• 86e48e2 merge: incorporate main branch changes
• c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
• afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
• ff8117e ci: fix user-agent test to handle orchestration ID
• 81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
• 3953caf docs: update README examples from @​v8 to @​v9, add getOctokit docs and v9 brea...
• c17d55b ci: add getOctokit integration test job
• a047196 test: add getOctokit integration tests via callAsyncFunction
• Additional commits viewable in compare view

Updates hashicorp/setup-terraform from 3 to 4

Release notes

Sourced from hashicorp/setup-terraform's releases.

v4.0.0

BREAKING CHANGES:

• Upgrade to Node.js 24 - setup-terraform now requires Node.js 24 (#503)

v3.1.2

NOTES:

• This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (#430)

v3.1.1

BUG FIXES:

• wrapper: Fix wrapper to output to stdout and stderr immediately when data is received (#395)

v3.1.0

ENHANCEMENTS:

• Automatically fallback to darwin/amd64 for Terraform versions before 1.0.2 as releases for darwin/arm64 are not available (#409)

Changelog

Sourced from hashicorp/setup-terraform's changelog.

4.0.0 (2026-02-24)

BREAKING CHANGES:

• Upgrade to Node.js 24 - setup-terraform now requires Node.js 24 (#503)

3.1.2 (2024-08-19)

NOTES:

• This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (#430)

3.1.1 (2024-05-07)

BUG FIXES:

• wrapper: Fix wrapper to output to stdout and stderr immediately when data is received (#395)

Commits

• 5e8dbf3 Update package version
• 6eb9b2a Update changelog
• af062bc feat: upgrade to node 24 (#503)
• ce70bcf Bump @​actions/github from 7.0.0 to 8.0.0 (#528)
• d92091b Bump actions/checkout from 6.0.1 to 6.0.2 in the github-actions group (#527)
• dcc3150 Bump actions/setup-node from 6.1.0 to 6.2.0 in the github-actions group (#525)
• 93d5a27 Bump @​actions/github from 6.0.1 to 7.0.0 (#523)
• 92e4d08 Bump dessant/lock-threads in the github-actions group (#519)
• 071811a Bump the github-actions group with 2 updates (#517)
• 712b439 Bump actions/checkout from 5.0.0 to 6.0.0 in the github-actions group (#515)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[greptile-apps]

PR author is not in the allowed authors list.

[github-actions]

Visual regression report

No visual diffs detected.

Run: https://github.com/Chronote-gg/Chronote/actions/runs/25733652266