chore(deps): bump the github-actions group across 1 directory with 2 updates #32

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/github-actions-8528d74303

dependabot[bot] commented on behalf of github on May 11, 2026

Bumps the github-actions group with 2 updates in the / directory: actions/dependency-review-action and DavidAnson/markdownlint-cli2-action.

Updates actions/dependency-review-action from 4.9.0 to 5.0.0

Release notes

Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Commits
  • a1d282b Merge pull request #1098 from actions/ahpook/v5-release
  • eb6c199 update examples to show @v5
  • 3943c2c v5.0.0 release branch
  • 454943c Merge pull request #1094 from actions/ashelytc/security-findings
  • 6d92a12 revert @typescript-eslint/parser update
  • a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
  • b6b7079 update @typescript-eslint/parser to 8.40.0
  • 821a21d update more dependencies
  • 05aaaae run npm audit fix
  • 55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
  • Additional commits viewable in compare view

Updates DavidAnson/markdownlint-cli2-action from 23.0.0 to 23.2.0

Commits
  • ded1f94 Update to version 23.2.0.
  • dc5dad9 Add 10-day cooldown period to Dependabot updates.
  • 64b1c6a Add package-lock.json for reproducible builds (fixes #362).
  • 6c62e06 Bump eslint-plugin-n from 17.24.0 to 18.0.0
  • 9b5720c Bump eslint from 10.2.1 to 10.3.0
  • 6b51ade Update to version 23.1.0.
  • ea6e0da Freshen generated index.js file.
  • 3c4c2c8 Bump markdownlint-cli2 from 0.22.0 to 0.22.1
  • 3a933d4 Bump @actions/core from 3.0.0 to 3.0.1
  • 648042e Freshen generated index.js file.
  • Additional commits viewable in compare view

Summary by CodeRabbit

  • Chores
    • Updated GitHub Actions workflow dependencies to latest pinned versions, enhancing CI/CD pipeline reliability and security measures.

…updates

Bumps the github-actions group with 2 updates in the / directory: [actions/dependency-review-action](https://github.com/actions/dependency-review-action) and [DavidAnson/markdownlint-cli2-action](https://github.com/davidanson/markdownlint-cli2-action).


Updates `actions/dependency-review-action` from 4.9.0 to 5.0.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@2031cfc...a1d282b)

Updates `DavidAnson/markdownlint-cli2-action` from 23.0.0 to 23.2.0
- [Release notes](https://github.com/davidanson/markdownlint-cli2-action/releases)
- [Commits](DavidAnson/markdownlint-cli2-action@ce4853d...ded1f94)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: DavidAnson/markdownlint-cli2-action
  dependency-version: 23.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] added the dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) labels on May 11, 2026

coderabbitai Bot commented May 11, 2026

📝 Walkthrough

This PR updates two GitHub Actions workflow files to use newer versions of external actions: dependency-review-action from v4.9.0 to v5.0.0 and markdownlint-cli2-action from v23.0.0 to v23.2.0. No workflow logic, triggers, or configuration behavior is changed.

Changes

GitHub Actions Dependency Updates

| Layer / File(s) | Summary |
|---|---|
| Dependency Review Action Version Update: .github/workflows/dependency-review.yml | actions/dependency-review-action is pinned to v5.0.0 instead of v4.9.0. |
| Markdown Lint Action Version Update: .github/workflows/markdown.yml | DavidAnson/markdownlint-cli2-action is pinned to v23.2.0 instead of v23.0.0. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 Dependencies need love and care,
Fresh versions floating in the air,
v5 and v23 now in place,
Workflows run with updated grace!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: updating two GitHub Actions dependencies in the workflows. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.


coderabbitai[bot] left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/markdown.yml:
- Line 24: Replace the incorrect pinned commit for the GitHub Action reference
"uses: DavidAnson/markdownlint-cli2-action@..." so it matches the official
v23.2.0 release; specifically update the commit hash currently set to
ded1f9488f68a970bc66ea5619e13e9b52e601cd to the correct commit
fa0cd0f1a052f54da593c83860f2292982f5d142 in the markdown workflow line that
references the markdownlint-cli2-action.

📥 Commits

Reviewing files that changed from the base of the PR and between ac13d48 and 1cae6ec.

📒 Files selected for processing (2)
  • .github/workflows/dependency-review.yml
  • .github/workflows/markdown.yml

- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- uses: DavidAnson/markdownlint-cli2-action@ce4853d43830c74c1753b39f3cf40f71c2031eb9 # v23.0.0
- uses: DavidAnson/markdownlint-cli2-action@ded1f9488f68a970bc66ea5619e13e9b52e601cd # v23.2.0
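
Review bot: the new pin on the DavidAnson/markdownlint-cli2-action line is tied to its release only by the trailing `# v23.2.0` comment, which nothing enforces, so confirm the SHA before merging. Its prefix `ded1f94` matches the entry "ded1f94 Update to version 23.2.0." in the commit list above and the end of the compare range `ce4853d...ded1f94`; resolve the v23.2.0 tag to its commit (peeling the tag object if the tag is annotated) and check that it equals `ded1f9488f68a970bc66ea5619e13e9b52e601cd`.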

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify that the commit hash matches the official v23.2.0 tag

# Fetch the commit hash for the v23.2.0 tag from the repository
tag_commit=$(gh api repos/DavidAnson/markdownlint-cli2-action/git/ref/tags/v23.2.0 --jq '.object.sha')

echo "Official v23.2.0 tag commit: $tag_commit"
echo "PR commit hash: ded1f9488f68a970bc66ea5619e13e9b52e601cd"

if [ "$tag_commit" = "ded1f9488f68a970bc66ea5619e13e9b52e601cd" ]; then
  echo "✓ Commit hash matches v23.2.0 tag"
else
  echo "✗ Commit hash DOES NOT match v23.2.0 tag"
fi

Repository: Lucenx9/agentinit

Length of output: 229


Fix the commit hash—it does not match the official v23.2.0 release tag.

The commit hash ded1f9488f68a970bc66ea5619e13e9b52e601cd does not correspond to the v23.2.0 tag. The official v23.2.0 release is at commit fa0cd0f1a052f54da593c83860f2292982f5d142. Update the pinned commit to match the correct release tag.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/markdown.yml at line 24, Replace the incorrect pinned
commit for the GitHub Action reference "uses:
DavidAnson/markdownlint-cli2-action@..." so it matches the official v23.2.0
release; specifically update the commit hash currently set to
ded1f9488f68a970bc66ea5619e13e9b52e601cd to the correct commit
fa0cd0f1a052f54da593c83860f2292982f5d142 in the markdown workflow line that
references the markdownlint-cli2-action.
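
A general way to check a pinned action SHA against a release tag, added here as an example (it is not part of this PR or of either bot's output): it reads `git ls-remote --tags` output and compares the pin with the commit the tag peels to, because the ref of an annotated tag names a tag object rather than a commit. The function names and the sample listing with placeholder SHAs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: compare an action pin with the commit a release tag resolves to.
# stdin is `git ls-remote --tags <repo-url>` output, one "<sha>\t<ref>" per line.
# An annotated tag is listed twice: the tag object, then the peeled commit ("^{}").

# Print the commit SHA behind tag $1, preferring the peeled entry when present.
resolve_tag_commit() {
  awk -v ref="refs/tags/$1" '
    $2 == (ref "^{}") { peeled = $1 }  # commit an annotated tag points at
    $2 == ref         { direct = $1 }  # lightweight tag, or the tag object itself
    END {
      if (peeled != "")      print peeled
      else if (direct != "") print direct
      else                   exit 1     # tag missing from the listing
    }'
}

# Exit 0 if pin $2 equals the commit behind tag $1; 2 = pin is not a full
# 40-character lowercase hex SHA; 3 = tag not found; 1 = mismatch.
verify_pin() {
  case "$2" in
    ''|*[!0-9a-f]*) return 2 ;;
  esac
  [ "${#2}" -eq 40 ] || return 2
  _commit=$(resolve_tag_commit "$1") || return 3
  [ "$_commit" = "$2" ]
}

# Constructed placeholder SHA: the hex digit $1 repeated 40 times.
fake_sha() { printf '%040d' 0 | tr 0 "$1"; }

# Constructed listing: v1.0.0 is lightweight, v2.0.0 is annotated.
SAMPLE_LS_REMOTE=$(printf '%s\t%s\n' \
  "$(fake_sha a)" 'refs/tags/v1.0.0' \
  "$(fake_sha b)" 'refs/tags/v2.0.0' \
  "$(fake_sha c)" 'refs/tags/v2.0.0^{}')

# The tag-object SHA (b...) is rejected; only the peeled commit (c...) passes.
if printf '%s\n' "$SAMPLE_LS_REMOTE" | verify_pin v2.0.0 "$(fake_sha c)"; then
  echo "v2.0.0 pin matches the tagged commit"
fi
```

Against a real repository the same check is `git ls-remote --tags <repo-url> | verify_pin <tag> <sha>`.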
