diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index eb5dd6086..5091e2a32 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -10,8 +10,8 @@ Unreleased
 
 .. vendor-insert-here
 
-- Update vendored schemas: buildkite, circle-ci, dependabot, mergify, renovate,
-  snapcraft, taskfile (2025-12-28)
+- Update vendored schemas: buildkite, circle-ci, dependabot, github-workflows,
+  gitlab-ci, mergify, renovate, snapcraft, taskfile (2026-01-11)
 
 0.36.0
 ------
diff --git a/src/check_jsonschema/builtin_schemas/vendor/dependabot.json b/src/check_jsonschema/builtin_schemas/vendor/dependabot.json
index 235fd1566..49a4f21bb 100644
--- a/src/check_jsonschema/builtin_schemas/vendor/dependabot.json
+++ b/src/check_jsonschema/builtin_schemas/vendor/dependabot.json
@@ -1068,7 +1068,16 @@
       },
       "allOf": [
         {
-          "required": ["package-ecosystem", "schedule"]
+          "$comment": "Schedule is required UNLESS multi-ecosystem-group is specified",
+          "if": {
+            "required": ["multi-ecosystem-group"]
+          },
+          "then": {
+            "required": ["package-ecosystem"]
+          },
+          "else": {
+            "required": ["package-ecosystem", "schedule"]
+          }
         },
         {
           "oneOf": [
diff --git a/src/check_jsonschema/builtin_schemas/vendor/github-workflows.json b/src/check_jsonschema/builtin_schemas/vendor/github-workflows.json
index 160824c1d..cc7e59a88 100644
--- a/src/check_jsonschema/builtin_schemas/vendor/github-workflows.json
+++ b/src/check_jsonschema/builtin_schemas/vendor/github-workflows.json
@@ -351,6 +351,34 @@
         }
       ]
     },
+    "snapshot": {
+      "$comment": "https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#jobsjob_idsnapshot",
+      "description": "You can use `jobs.<job_id>.snapshot` to generate a custom image.\nAdd the snapshot keyword to the job, using either the string syntax or mapping syntax as shown in https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images#generating-a-custom-image.\nEach job that includes the snapshot keyword creates a separate image. To generate only one image or image version, include all workflow steps in a single job. Each successful run of a job that includes the snapshot keyword creates a new version of that image.\nFor more information, see https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images.",
+      "oneOf": [
+        {
+          "$comment": "https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images#string-syntax",
+          "type": "string",
+          "description": "You can use the string syntax with `snapshot` to define the image name. This method creates a new image or adds a new version to an existing image with the same name. You cannot specify a version number using this syntax."
+        },
+        {
+          "$comment": "https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images#mapping-syntax",
+          "type": "object",
+          "additionalProperties": false,
+          "description": "You can use the mapping syntax with `snapshot` to define both the `image-name` and the optional `version`. When you specify a major version, the minor versioning automatically increments if that major version already exists. Patch versions are not supported.",
+          "properties": {
+            "image-name": {
+              "type": "string"
+            },
+            "version": {
+              "$comment": "https://docs.github.com/en/actions/how-tos/manage-runners/larger-runners/use-custom-images#specifying-a-version-in-your-workflow",
+              "type": "string",
+              "pattern": "^\\d+(\\.\\d+|\\*)?$"
+            }
+          },
+          "required": ["image-name"]
+        }
+      ]
+    },
     "step": {
       "type": "object",
       "additionalProperties": false,
@@ -623,6 +651,9 @@
         "needs": {
           "$ref": "#/definitions/jobNeeds"
         },
+        "snapshot": {
+          "$ref": "#/definitions/snapshot"
+        },
         "permissions": {
           "$ref": "#/definitions/permissions"
         },
@@ -932,7 +963,6 @@
           }
         }
       ],
-      "required": ["description"],
       "additionalProperties": false
     }
   },
diff --git a/src/check_jsonschema/builtin_schemas/vendor/gitlab-ci.json b/src/check_jsonschema/builtin_schemas/vendor/gitlab-ci.json
index 64e42fd61..8b850eda1 100644
--- a/src/check_jsonschema/builtin_schemas/vendor/gitlab-ci.json
+++ b/src/check_jsonschema/builtin_schemas/vendor/gitlab-ci.json
@@ -446,8 +446,7 @@
         "default": {
           "markdownDescription": "Default value for this input."
         }
-      },
-      "additionalProperties": false
+      }
     },
     "configInputs": {
       "type": "object",
diff --git a/src/check_jsonschema/builtin_schemas/vendor/mergify.json b/src/check_jsonschema/builtin_schemas/vendor/mergify.json
index deb1eb83d..0369ca8ab 100644
--- a/src/check_jsonschema/builtin_schemas/vendor/mergify.json
+++ b/src/check_jsonschema/builtin_schemas/vendor/mergify.json
@@ -1396,10 +1396,11 @@
         },
         "status_comments": {
           "default": "all",
-          "description": "Controls the level of status comments posted on pull requests in the queue.\n- `all`: Post comments for all queue events (entering queue, CI progress, outcomes).\n- `outcomes`: Only post comments for final outcomes (merged or dequeued with failure reason).\n",
+          "description": "Controls the level of status comments posted on pull requests in the queue.\n- `all`: Post comments for all queue events (entering queue, CI progress, outcomes).\n- `outcomes`: Only post comments for final outcomes (merged or dequeued with failure reason).\n- `none`: Do not post any comments for queue status.\n",
           "enum": [
             "all",
-            "outcomes"
+            "outcomes",
+            "none"
           ],
           "title": "Status Comments",
           "type": "string"
diff --git a/src/check_jsonschema/builtin_schemas/vendor/renovate.json b/src/check_jsonschema/builtin_schemas/vendor/renovate.json
index be6af0b45..e17a7841f 100644
--- a/src/check_jsonschema/builtin_schemas/vendor/renovate.json
+++ b/src/check_jsonschema/builtin_schemas/vendor/renovate.json
@@ -1,7 +1,7 @@
 {
-  "title": "JSON schema for Renovate 42.66.9 config files (https://renovatebot.com/)",
+  "title": "JSON schema for Renovate 42.76.5 config files (https://renovatebot.com/)",
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "x-renovate-version": "42.66.9",
+  "x-renovate-version": "42.76.5",
   "allowComments": true,
   "type": "object",
   "properties": {
@@ -47,6 +47,11 @@
       "type": "boolean",
       "default": false
     },
+    "allowShellExecutorForPostUpgradeCommands": {
+      "description": "Deprecated: This configuration option is only intended to be used with 'global' configuration when self-hosting, not used in a repository configuration file. Renovate likely won't use the configuration, and these fields will be removed from the repository configuration documentation in Renovate v43 (https://github.com/renovatebot/renovate/issues/38728)\n\nWhether to run commands for `postUpgradeTasks` inside a shell. This has security implications, as it means that they can call out to other commands or access shell variables. It is difficult to craft an `allowedCommands` regex to restrict this.",
+      "type": "boolean",
+      "default": true
+    },
     "allowedCommands": {
       "description": "Deprecated: This configuration option is only intended to be used with 'global' configuration when self-hosting, not used in a repository configuration file. Renovate likely won't use the configuration, and these fields will be removed from the repository configuration documentation in Renovate v43 (https://github.com/renovatebot/renovate/issues/38728)\n\nA list of regular expressions that decide which commands are allowed in post-upgrade tasks.",
       "type": "array",
@@ -2731,7 +2736,7 @@
     "dockerSidecarImage": {
       "description": "Deprecated: This configuration option is only intended to be used with 'global' configuration when self-hosting, not used in a repository configuration file. Renovate likely won't use the configuration, and these fields will be removed from the repository configuration documentation in Renovate v43 (https://github.com/renovatebot/renovate/issues/38728)\n\nChange this value to override the default Renovate sidecar image.",
       "type": "string",
-      "default": "ghcr.io/containerbase/sidecar:13.25.18"
+      "default": "ghcr.io/containerbase/sidecar:13.25.22"
     },
     "dockerUser": {
       "description": "Deprecated: This configuration option is only intended to be used with 'global' configuration when self-hosting, not used in a repository configuration file. Renovate likely won't use the configuration, and these fields will be removed from the repository configuration documentation in Renovate v43 (https://github.com/renovatebot/renovate/issues/38728)\n\nSet the `UID` and `GID` for Docker-based binaries if you use `binarySource=docker`.",
@@ -8873,6 +8878,7 @@
             "debian",
             "devbox",
             "docker",
+            "exact",
             "git",
             "glasskube",
             "go-mod-directive",
diff --git a/src/check_jsonschema/builtin_schemas/vendor/sha256/dependabot.sha256 b/src/check_jsonschema/builtin_schemas/vendor/sha256/dependabot.sha256
index 328d5d2ee..b4c6d959b 100644
--- a/src/check_jsonschema/builtin_schemas/vendor/sha256/dependabot.sha256
+++ b/src/check_jsonschema/builtin_schemas/vendor/sha256/dependabot.sha256
@@ -1 +1 @@
-280d7c6f5436d4b6c61a77a938cfd5b5c0239422c451aee28eb159de5d29843c
\ No newline at end of file
+8a0e0d1dfe0517c5e28e8be6a8363eb5f84afb27e59b57684f380f8fafc2649e
\ No newline at end of file
diff --git a/src/check_jsonschema/builtin_schemas/vendor/sha256/github-workflows.sha256 b/src/check_jsonschema/builtin_schemas/vendor/sha256/github-workflows.sha256
index 62cd721fe..f880ea6bc 100644
--- a/src/check_jsonschema/builtin_schemas/vendor/sha256/github-workflows.sha256
+++ b/src/check_jsonschema/builtin_schemas/vendor/sha256/github-workflows.sha256
@@ -1 +1 @@
-bee899219962fcedc944bb321e2b79a5ca9ff8b7aee9136c4edfbb2aa1eb7a06
\ No newline at end of file
+db64c217da767f3d3f9e80010be6afbe0ff8e865963dabb770cbf8a4f999d3e0
\ No newline at end of file
diff --git a/src/check_jsonschema/builtin_schemas/vendor/sha256/gitlab-ci.sha256 b/src/check_jsonschema/builtin_schemas/vendor/sha256/gitlab-ci.sha256
index a6be99fd7..52810e504 100644
--- a/src/check_jsonschema/builtin_schemas/vendor/sha256/gitlab-ci.sha256
+++ b/src/check_jsonschema/builtin_schemas/vendor/sha256/gitlab-ci.sha256
@@ -1 +1 @@
-6759380954fc44d60d29eb575126a915a5b254517b6212e2b29cabbfc4cf8911
\ No newline at end of file
+6059ebe5d95e8bb0c9538eb8e324b581279bd0d8e23985938af1faced52623af
\ No newline at end of file
diff --git a/src/check_jsonschema/builtin_schemas/vendor/sha256/mergify.sha256 b/src/check_jsonschema/builtin_schemas/vendor/sha256/mergify.sha256
index c439b7101..ac4195a29 100644
--- a/src/check_jsonschema/builtin_schemas/vendor/sha256/mergify.sha256
+++ b/src/check_jsonschema/builtin_schemas/vendor/sha256/mergify.sha256
@@ -1 +1 @@
-517088ead76d0dbb491919cf0a3b460094415e4875bbf19683fb4c820592e9a0
\ No newline at end of file
+68c3563b574438aa726b189c6ea427035b5f71bee4f7f3eeef23ff44e307e49c
\ No newline at end of file
diff --git a/src/check_jsonschema/builtin_schemas/vendor/sha256/renovate.sha256 b/src/check_jsonschema/builtin_schemas/vendor/sha256/renovate.sha256
index f88878a1d..68c1aae30 100644
--- a/src/check_jsonschema/builtin_schemas/vendor/sha256/renovate.sha256
+++ b/src/check_jsonschema/builtin_schemas/vendor/sha256/renovate.sha256
@@ -1 +1 @@
-e0998f693a633a4f1fd186269577c8688e678e4c47a932aecd7591a7bc30c87a
\ No newline at end of file
+f0bfa00a80bcfdee53d04ed297861fb92792d4c4ddab207cc2586ce4d10c3c48
\ No newline at end of file