chore(actions)(deps): bump ataylorme/eslint-annotate-action from 3 to 4 #58

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/ataylorme/eslint-annotate-action-4

dependabot Bot commented on behalf of github Apr 27, 2026

Bumps ataylorme/eslint-annotate-action from 3 to 4.

Release notes

Sourced from ataylorme/eslint-annotate-action's releases.

v4.0.0-beta.1

First beta of the major v4 rewrite. Please test and report any issues!

Use it in your workflow:

- uses: ataylorme/eslint-annotate-action@v4.0.0-beta.1
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}
    report-json: eslint_report.json

Your workflow also needs:

permissions:
  checks: write
  pull-requests: read  # only needed with only-pr-files: true or post-comment: true

Breaking changes

  • Requires Node 24 — add actions/setup-node with node-version: '24' if your runner doesn't have it
  • github-token input is now required (explicit auth replacing @octokit/action)

Bug fixes

  • Fix crash when GITHUB_WORKSPACE is unset (#82, thanks @​thefrosty)
  • Throw a clear error when the report glob matches no files (#93, thanks @​joprice)
  • Warnings now correctly annotated at warning level instead of failure (#80, thanks @​vldslv-a)
  • Fix null ruleId crash for fatal parse errors and --report-unused-disable-directives

New inputs

| Input | Default | Description |
|---|---|---|
| neutral-on-warning | false | Set check conclusion to neutral (not success) when only warnings exist (#89, thanks @jessetan) |
| post-comment | false | Post/update a sticky PR comment with the ESLint summary (#90, thanks @jessetan) |

Tooling

  • Replaced @vercel/ncc with rollup for bundling
  • ESLint v9 flat config
  • Migrated to @actions/github + @actions/core from @actions/toolkit
  • 0 npm vulnerabilities (was 19, thanks @​drewish)
  • Node 24 runtime (thanks @sturman)

Changelog

Sourced from ataylorme/eslint-annotate-action's changelog.

4.0.0 - CONTAINS BREAKING CHANGES

  • Runs using Node 24

3.0.0 - CONTAINS BREAKING CHANGES

  • Rename the repo-token input to GITHUB_TOKEN
  • Run the Action itself on Node 20 instead of Node 16
  • Truncate summary if too long
  • Only add changed file to markdown summary if only changed files is true
  • Use @octokit/action instead of actions-toolkit
  • Use ESLint types from @types/eslint instead of custom types
  • Default line to 1 if it's not present

Commits

  • 5a8d8ab fix: align github-token input name across action.yml, constants, and tests
  • 6a1440a chore: update @​actions dependencies to latest major versions
  • 039ba93 docs: update README for v4
  • 03bec51 fix: resolve ESLint v9 config issues and auto-format all source files
  • 37d0663 fix: mock constants in getAnalyzedReport tests to fix CI SHA mismatch
  • 9438e67 feat!: v4 — Node 24, ESM, rollup, @​actions/toolkit, bug fixes, new features
  • 4ef6269 Node 24
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [ataylorme/eslint-annotate-action](https://github.com/ataylorme/eslint-annotate-action) from 3 to 4.
- [Release notes](https://github.com/ataylorme/eslint-annotate-action/releases)
- [Changelog](https://github.com/ataylorme/eslint-annotate-action/blob/v4/CHANGELOG.md)
- [Commits](ataylorme/eslint-annotate-action@v3...v4)

---
updated-dependencies:
- dependency-name: ataylorme/eslint-annotate-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot commented on behalf of github Apr 27, 2026

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Copilot AI left a comment

Pull request overview

Updates the GitHub Actions lint workflow to use ataylorme/eslint-annotate-action@v4 for annotating ESLint results on PRs.

Changes:

  • Bump ataylorme/eslint-annotate-action from v3 to v4 in the lint workflow.

Comments suppressed due to low confidence (2)

.github/workflows/lint.yml:35

  • ataylorme/eslint-annotate-action@v4 no longer accepts repo-token; v4 requires the github-token input. Keeping repo-token will cause the action to fail with a missing/unknown input. Update this with: key to github-token: ${{ secrets.GITHUB_TOKEN }} (or another token as needed).
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          report-json: 'eslint-report.json'

.github/workflows/lint.yml:36

  • eslint-annotate-action@v4 needs checks: write permissions (and pull-requests: read when only-pr-files: true) to create/update the check run annotations. This workflow currently doesn't declare these permissions, so the step may 403 or silently fail on default-restricted GITHUB_TOKEN permissions. Add a permissions: block at the workflow or job level with the required scopes.
        uses: ataylorme/eslint-annotate-action@v4
        if: always()
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          report-json: 'eslint-report.json'
          only-pr-files: true
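
Added example, not part of the PR or of either comment above: a lint workflow with the two changes the review comment asks for applied, the `github-token` input and an explicit `permissions:` block scoped to the job. The trigger, job name, checkout and setup-node steps, and the ESLint command are assumptions; only the annotate step's inputs and the permission scopes come from the page.

```yaml
# .github/workflows/lint.yml -- illustrative layout, not the repository's actual file
name: Lint
on:
  pull_request:

# Start from an empty grant so GITHUB_TOKEN carries nothing by default;
# each job then opts in to exactly the scopes it uses.
permissions: {}

jobs:
  eslint:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # for actions/checkout (assumed step)
      checks: write         # v4 creates/updates the check run that holds the annotations
      pull-requests: read   # required because only-pr-files: true is set below
    steps:
      - uses: actions/checkout@v4

      # v4 release notes: the action requires Node 24 on the runner.
      - uses: actions/setup-node@v4
        with:
          node-version: '24'

      - run: npm ci

      # Assumed lint command; it must write the file named in report-json.
      - run: npx eslint . --format json --output-file eslint-report.json

      - name: Annotate ESLint results
        uses: ataylorme/eslint-annotate-action@v4
        if: always()         # still annotate when the eslint step exits non-zero
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}   # replaces repo-token from the reviewed step
          report-json: 'eslint-report.json'
          only-pr-files: true
```

Declaring the scopes on the job rather than the workflow keeps any other job in the same file from inheriting `checks: write`.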
