diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
index 640e282b0..a65b29d2a 100644
--- a/.pre-commit-hooks.yaml
+++ b/.pre-commit-hooks.yaml
@@ -13,7 +13,7 @@
   language: docker_image
   types: ["yaml"]
   files: ^\.github/workflows/
-  entry: docker.io/rhysd/actionlint:1.7.5
+  entry: docker.io/rhysd/actionlint:1.7.6
 - id: actionlint-system
   name: Lint GitHub Actions workflow files
   description: Runs system-installed actionlint to lint GitHub Actions workflow files
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4cfa1801c..b0a27a37f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,59 @@
+<a id="v1.7.5"></a>
+# [v1.7.5](https://github.com/rhysd/actionlint/releases/tag/v1.7.5) - 2024-12-28
+
+- Strictly check available contexts in `${{ }}` placeholders following the ['Context availability' table](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs#context-availability) in the official document.
+  - For example, `jobs.<job_id>.defaults.run.shell` allows `env` context but `shell` workflow keys in other places allow no context.
+    ```yaml
+    defaults:
+      run:
+        # ERROR: No context is available here
+        shell: ${{ env.SHELL }}
+
+    jobs:
+      test:
+        runs-on: ubuntu-latest
+        defaults:
+          run:
+            # OK: 'env' context is available here
+            shell: ${{ env.SHELL }}
+        steps:
+          - run: echo hello
+            # ERROR: No context is available here
+            shell: ${{ env.SHELL}}
+    ```
+- Check a string literal passed to `fromJSON()` call. This pattern is [popular](https://github.com/search?q=fromJSON%28%27+lang%3Ayaml&type=code) to create array or object constants because GitHub Actions does not provide the literal syntax for them. See the [document](https://github.com/rhysd/actionlint/blob/main/docs/checks.md#contexts-and-built-in-functions) for more details. ([#464](https://github.com/rhysd/actionlint/issues/464))
+  ```yaml
+  jobs:
+    test:
+      # ERROR: Key 'mac' does not exist in the object returned by the fromJSON()
+      runs-on: ${{ fromJSON('{"win":"windows-latest","linux":"ubuntul-latest"}')['mac'] }}
+      steps:
+        - run: echo This is a special branch!
+          # ERROR: Broken JSON string passed to fromJSON.
+          if: contains(fromJSON('["main","release","dev"'), github.ref_name)
+  ```
+- Allow passing command arguments to `-shellcheck` argument. ([#483](https://github.com/rhysd/actionlint/issues/483), thanks [@anuraaga](https://github.com/anuraaga))
+  - This is useful when you want to use alternative build of shellcheck like [go-shellcheck](https://github.com/wasilibs/go-shellcheck/).
+    ```sh
+    actionlint -shellcheck="go run github.com/wasilibs/go-shellcheck/cmd/shellcheck@latest"
+    ```
+- Support undocumented `repository_visibility`, `artifact_cache_size_limit`, `step_summary`, `output`, `state` properties in `github` context. ([#489](https://github.com/rhysd/actionlint/issues/489), thanks [@rasa](https://github.com/rasa) for adding `repository_visibility` property)
+- Remove `macos-12` runner label from known labels because it was [dropped](https://github.com/actions/runner-images/issues/10721) from GitHub-hosted runners on Dec. 3 and is no longer available.
+- Add `windows-2025` runner label to the known labels. The runner is in [public preview](https://github.blog/changelog/2024-12-19-windows-server-2025-is-now-in-public-preview/). ([#491](https://github.com/rhysd/actionlint/issues/491), thanks [@ericcornelissen](https://github.com/ericcornelissen))
+- Add `black` to the list of colors for `branding.color` action metadata. ([#485](https://github.com/rhysd/actionlint/issues/485), thanks [@eifinger](https://github.com/eifinger))
+- Add `table` to the list of icons for `branding.icon` action metadata.
+- Fix parsing escaped `{` in `format()` function call's first argument.
+- Fix the incorrect `join()` function overload. `join(s1: string, s2: string)` was wrongly accepted.
+- Update popular actions data set to the latest.
+  - Add `download-artifact/v3-node20` to the data set. ([#468](https://github.com/rhysd/actionlint/issues/468))
+  - Fix missing the `reviewdog/action-hadolint@v1` action input. ([#487](https://github.com/rhysd/actionlint/issues/487), thanks [@mi-wada](https://github.com/mi-wada))
+- Link to the documents of the stable version in actionlint `man` page and `-help` output.
+- Refactor `LintStdin()` API example and some unit tests. ([#472](https://github.com/rhysd/actionlint/issues/472), [#475](https://github.com/rhysd/actionlint/issues/475), thanks [@alexandear](https://github.com/alexandear))
+- Improve the configuration example in `actionlint.yaml` document to explain glob patterns for `paths`. ([#481](https://github.com/rhysd/actionlint/issues/481))
+
+[Changes][v1.7.5]
+
+
 <a id="v1.7.4"></a>
 # [v1.7.4](https://github.com/rhysd/actionlint/releases/tag/v1.7.4) - 2024-11-04
 
@@ -1784,6 +1840,7 @@ See documentation for more details:
 [Changes][v1.0.0]
 
 
+[v1.7.5]: https://github.com/rhysd/actionlint/compare/v1.7.4...v1.7.5
 [v1.7.4]: https://github.com/rhysd/actionlint/compare/v1.7.3...v1.7.4
 [v1.7.3]: https://github.com/rhysd/actionlint/compare/v1.7.2...v1.7.3
 [v1.7.2]: https://github.com/rhysd/actionlint/compare/v1.7.1...v1.7.2
@@ -1834,4 +1891,4 @@ See documentation for more details:
 [v1.1.0]: https://github.com/rhysd/actionlint/compare/v1.0.0...v1.1.0
 [v1.0.0]: https://github.com/rhysd/actionlint/tree/v1.0.0
 
-<!-- Generated by https://github.com/rhysd/changelog-from-release v3.8.0 -->
+<!-- Generated by https://github.com/rhysd/changelog-from-release v3.8.1 -->
diff --git a/HomebrewFormula/actionlint.rb b/HomebrewFormula/actionlint.rb
index dabe678a6..b2a8660d0 100644
--- a/HomebrewFormula/actionlint.rb
+++ b/HomebrewFormula/actionlint.rb
@@ -5,22 +5,22 @@
 class Actionlint < Formula
   desc "Static checker for GitHub Actions workflow files"
   homepage "https://github.com/rhysd/actionlint#readme"
-  version "1.7.4"
+  version "1.7.5"
   license "MIT"
 
   on_macos do
-    on_intel do
-      url "https://github.com/rhysd/actionlint/releases/download/v1.7.4/actionlint_1.7.4_darwin_amd64.tar.gz"
-      sha256 "63a3ba90ee2325afad3ff2e64a4d80688c261e6c68be8e6ab91214637bf936b8"
+    if Hardware::CPU.intel?
+      url "https://github.com/rhysd/actionlint/releases/download/v1.7.5/actionlint_1.7.5_darwin_amd64.tar.gz"
+      sha256 "6b765da53b4c0f9b8f63dbdcdc12d800a8fec36b21336940e166eae329a210dc"
 
       def install
         bin.install "actionlint"
         man1.install "man/actionlint.1"
       end
     end
-    on_arm do
-      url "https://github.com/rhysd/actionlint/releases/download/v1.7.4/actionlint_1.7.4_darwin_arm64.tar.gz"
-      sha256 "cbd193bb490f598d77e179261d7b76dfebd049dddede5803ba21cbf6a469aeee"
+    if Hardware::CPU.arm?
+      url "https://github.com/rhysd/actionlint/releases/download/v1.7.5/actionlint_1.7.5_darwin_arm64.tar.gz"
+      sha256 "397119f9baa3fd9fe195db340b30acdaea532826e19a047a9cc9d96add7c267d"
 
       def install
         bin.install "actionlint"
@@ -30,10 +30,10 @@ def install
   end
 
   on_linux do
-    on_intel do
+    if Hardware::CPU.intel?
       if Hardware::CPU.is_64_bit?
-        url "https://github.com/rhysd/actionlint/releases/download/v1.7.4/actionlint_1.7.4_linux_amd64.tar.gz"
-        sha256 "fc0a6886bbb9a23a39eeec4b176193cadb54ddbe77cdbb19b637933919545395"
+        url "https://github.com/rhysd/actionlint/releases/download/v1.7.5/actionlint_1.7.5_linux_amd64.tar.gz"
+        sha256 "3e6e0a832dfa0b5f027e6b8956aad2632d69b7cb778b1cff847b40279950a856"
 
         def install
           bin.install "actionlint"
@@ -41,10 +41,10 @@ def install
         end
       end
     end
-    on_arm do
+    if Hardware::CPU.arm?
       if !Hardware::CPU.is_64_bit?
-        url "https://github.com/rhysd/actionlint/releases/download/v1.7.4/actionlint_1.7.4_linux_armv6.tar.gz"
-        sha256 "05ab9ea3ff51ca0617323fd3480abf757a0f440683a7c3e2d997634d0d141c9b"
+        url "https://github.com/rhysd/actionlint/releases/download/v1.7.5/actionlint_1.7.5_linux_armv6.tar.gz"
+        sha256 "6d803c1e5b0d4ec36169f090be73596f8dfb370e76aec205917641b9699e254d"
 
         def install
           bin.install "actionlint"
@@ -52,10 +52,10 @@ def install
         end
       end
     end
-    on_arm do
+    if Hardware::CPU.arm?
       if Hardware::CPU.is_64_bit?
-        url "https://github.com/rhysd/actionlint/releases/download/v1.7.4/actionlint_1.7.4_linux_arm64.tar.gz"
-        sha256 "ede03682dc955381d057dde95bb85ce9ca418122209a8a313b617d4adec56416"
+        url "https://github.com/rhysd/actionlint/releases/download/v1.7.5/actionlint_1.7.5_linux_arm64.tar.gz"
+        sha256 "cb992426d176cf5c2f9cd0ecd36722eace064282dde7125f2b6813f2a299ab36"
 
         def install
           bin.install "actionlint"
diff --git a/README.md b/README.md
index c0b98c40c..377ea2323 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 actionlint
 ==========
-[![CI Badge][]][CI]
+[![CI Status][ci-badge]][ci]
 [![API Document][apidoc-badge]][apidoc]
 
 [actionlint][repo] is a static checker for GitHub Actions workflow files. [Try it online!][playground]
@@ -127,8 +127,8 @@ See the [contribution guide](./CONTRIBUTING.md) for more details.
 
 actionlint is distributed under [the MIT license](./LICENSE.txt).
 
-[CI Badge]: https://github.com/rhysd/actionlint/workflows/CI/badge.svg?branch=main&event=push
-[CI]: https://github.com/rhysd/actionlint/actions?query=workflow%3ACI+branch%3Amain
+[ci-badge]: https://github.com/rhysd/actionlint/actions/workflows/ci.yaml/badge.svg
+[ci]: https://github.com/rhysd/actionlint/actions/workflows/ci.yaml
 [apidoc-badge]: https://pkg.go.dev/badge/github.com/rhysd/actionlint.svg
 [apidoc]: https://pkg.go.dev/github.com/rhysd/actionlint
 [repo]: https://github.com/rhysd/actionlint
@@ -139,10 +139,10 @@ actionlint is distributed under [the MIT license](./LICENSE.txt).
 [filter-pattern-doc]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
 [script-injection-doc]: https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#understanding-the-risk-of-script-injections
 [releases]: https://github.com/rhysd/actionlint/releases
-[checks]: https://github.com/rhysd/actionlint/blob/v1.7.5/docs/checks.md
-[install]: https://github.com/rhysd/actionlint/blob/v1.7.5/docs/install.md
-[usage]: https://github.com/rhysd/actionlint/blob/v1.7.5/docs/usage.md
-[config]: https://github.com/rhysd/actionlint/blob/v1.7.5/docs/config.md
-[api]: https://github.com/rhysd/actionlint/blob/v1.7.5/docs/api.md
-[refs]: https://github.com/rhysd/actionlint/blob/v1.7.5/docs/reference.md
+[checks]: https://github.com/rhysd/actionlint/blob/v1.7.6/docs/checks.md
+[install]: https://github.com/rhysd/actionlint/blob/v1.7.6/docs/install.md
+[usage]: https://github.com/rhysd/actionlint/blob/v1.7.6/docs/usage.md
+[config]: https://github.com/rhysd/actionlint/blob/v1.7.6/docs/config.md
+[api]: https://github.com/rhysd/actionlint/blob/v1.7.6/docs/api.md
+[refs]: https://github.com/rhysd/actionlint/blob/v1.7.6/docs/reference.md
 [issue-form]: https://github.com/rhysd/actionlint/issues/new
diff --git a/docs/checks.md b/docs/checks.md
index 6b8c32fde..4a330af99 100644
--- a/docs/checks.md
+++ b/docs/checks.md
@@ -2626,8 +2626,10 @@ Example input:
 ```yaml
 on: push
 
-env:
-  NAME: rhysd
+defaults:
+  run:
+    # ERROR: No context is available here
+    shell: ${{ env.SHELL }}
 
 jobs:
   test:
@@ -2639,19 +2641,19 @@ jobs:
           # ERROR: 'runner' context is not available here
           - ${{ runner.temp }}
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        # OK: 'env' context is available here
+        shell: ${{ env.SHELL }}
     env:
       # ERROR: 'env' context is not available here
-      NAME: ${{ env.NAME }}
-    services:
-      redis:
-        image: redis
-        env:
-          # ERROR: No context is allowed here
-          COMMIT_SHA: ${{ github.sha }}
+      FOO: ${{ env.BAR }}
     steps:
       - env:
           # OK: 'env' context is available here
-          NAME: ${{ env.NAME }}
+          FOO: ${{ env.BAR }}
+        # ERROR: No context is available here
+        shell: ${{ env.SHELL}}
         # ERROR: 'success()' function is not available here
         run: echo 'Success? ${{ success() }}'
         # OK: 'success()' function is available here
@@ -2661,25 +2663,29 @@ jobs:
 Output:
 
 ```
-test.yaml:14:17: context "runner" is not allowed here. available contexts are "github", "inputs", "needs", "vars". see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression]
+test.yaml:6:16: context "env" is not allowed here. no context is available here. see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression]
+  |
+6 |     shell: ${{ env.SHELL }}
+  |                ^~~~~~~~~
+test.yaml:16:17: context "runner" is not allowed here. available contexts are "github", "inputs", "needs", "vars". see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression]
    |
-14 |           - ${{ runner.temp }}
+16 |           - ${{ runner.temp }}
    |                 ^~~~~~~~~~~
-test.yaml:18:17: context "env" is not allowed here. available contexts are "github", "inputs", "matrix", "needs", "secrets", "strategy", "vars". see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression]
+test.yaml:24:16: context "env" is not allowed here. available contexts are "github", "inputs", "matrix", "needs", "secrets", "strategy", "vars". see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression]
    |
-18 |       NAME: ${{ env.NAME }}
-   |                 ^~~~~~~~
-test.yaml:24:27: context "github" is not allowed here. no context is available here. see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression]
+24 |       FOO: ${{ env.BAR }}
+   |                ^~~~~~~
+test.yaml:30:20: context "env" is not allowed here. no context is available here. see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression]
    |
-24 |           COMMIT_SHA: ${{ github.sha }}
-   |                           ^~~~~~~~~~
-test.yaml:30:33: calling function "success" is not allowed here. "success" is only available in "jobs.<job_id>.if", "jobs.<job_id>.steps.if". see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression]
+30 |         shell: ${{ env.SHELL}}
+   |                    ^~~~~~~~~~~
+test.yaml:32:33: calling function "success" is not allowed here. "success" is only available in "jobs.<job_id>.if", "jobs.<job_id>.steps.if". see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression]
    |
-30 |         run: echo 'Success? ${{ success() }}'
+32 |         run: echo 'Success? ${{ success() }}'
    |                                 ^~~~~~~~~
 ```
 
-[Playground](https://rhysd.github.io/actionlint/#eNp0j8FOwzAMhu99Ch+QBof2AXJBE0KCQ+Ew7ihNvSawJpXtdFRT3x1lXdsJNF+i/7f953PwCrrINsvQ9yoDeNuWzwrIDlxn2VeoOJmCLOkFYCEt2AyTAmi1kPuZFUDtCI0EGlYLIIe70wkaJzZWxTHQ9/4QjjCO/0Yoeo9UCLbd3KboOU+UsYpeYn7QCebcuhCnmqhTBPq+SGreZ6TeGeR5krB2vMK5VjeoJncxr4JTPb2X5evH5+5lq64PYauXTwS7JTT/u38b7nKgAjQ2wGYXjUHmx/MsT+L+AcZxs/Lu1dr5DQAA//+iDXkG)
+[Playground](https://rhysd.github.io/actionlint/#eNp8j81qwzAQhO96ijkU0h6cB/CltNDSQyDQPIHtrGO3imT2J2kIfvciJ45NIT2J0Xy7MxtDjs6kcW5LdWFeJXcAW0gPIA15n+PhfAaFw3Lz8bZaoe+d+4rlQCqJXlHlQml3uihgXyi3P6MCti1TpZFP0xeQDat3rTZWLo+Rv2sfjyngL8IWAvFSad+NNluQLPW30oJa5otUZrDmt1zRKfXeTcmjcBjB9/V6gl5fPkdElLrb4mw+8d/UveCZnUqCqiZisbGqIpHngZWLeHxC3y9udFvnk/MbAAD//3L9fcg=)
 
 Some contexts are only available in some places. For example, `env` context is not available at `jobs.<job_id>.env`, but it is
 available at `jobs.<job_id>.steps.env`.
diff --git a/docs/usage.md b/docs/usage.md
index 87f5f2c27..0165266ac 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -272,7 +272,7 @@ and pyflakes).
 Available tags are:
 
 - `actionlint:latest`: Latest stable version of actionlint. This image is recommended.
-- `actionlint:{version}`: Specific version of actionlint. (e.g. `actionlint:1.7.5`)
+- `actionlint:{version}`: Specific version of actionlint. (e.g. `actionlint:1.7.6`)
 
 Just run the image with `docker run`:
 
@@ -366,7 +366,7 @@ Add this to your `.pre-commit-config.yaml` in your repository:
 ---
 repos:
   - repo: https://github.com/rhysd/actionlint
-    rev: v1.7.5
+    rev: v1.7.6
     hooks:
       - id: actionlint
 ```
@@ -425,7 +425,7 @@ trunk check enable actionlint
 or if you'd like a specific version:
 
 ```bash
-trunk check enable actionlint@1.7.5
+trunk check enable actionlint@1.7.6
 ```
 
 or modify `.trunk/trunk.yaml` in your repository to contain:
@@ -433,7 +433,7 @@ or modify `.trunk/trunk.yaml` in your repository to contain:
 ```yaml
 lint:
   enabled:
-    - actionlint@1.7.5
+    - actionlint@1.7.6
 ```
 
 Then just run:
diff --git a/expr_sema_test.go b/expr_sema_test.go
index 193684dab..65a38ac0e 100644
--- a/expr_sema_test.go
+++ b/expr_sema_test.go
@@ -1742,7 +1742,7 @@ func TestParseFormatSpecifiers(t *testing.T) {
 			want: []int{0},
 		},
 		{
-			what: "mutliple specifiers",
+			what: "multiple specifiers",
 			in:   "{0} {1}{2}x{3}}{4}!",
 			want: []int{0, 1, 2, 3, 4},
 		},
diff --git a/go.mod b/go.mod
index b11ce7d4a..33dfc5cf8 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/yuin/goldmark v1.7.8
 	golang.org/x/sync v0.10.0
-	golang.org/x/sys v0.28.0
+	golang.org/x/sys v0.29.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
diff --git a/go.sum b/go.sum
index af3f70142..27567397f 100644
--- a/go.sum
+++ b/go.sum
@@ -24,8 +24,8 @@ golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
diff --git a/man/actionlint.1.ronn b/man/actionlint.1.ronn
index 280986a77..fe69d13a2 100644
--- a/man/actionlint.1.ronn
+++ b/man/actionlint.1.ronn
@@ -102,39 +102,39 @@ Documents for more details are available online.
 
 ### Checks
 
-https://github.com/rhysd/actionlint/blob/v1.7.5/docs/checks.md
+https://github.com/rhysd/actionlint/blob/v1.7.6/docs/checks.md
 
 Full list of all checks done by actionlint with example inputs, outputs, and playground links.
 
 ### Installation
 
-https://github.com/rhysd/actionlint/blob/v1.7.5/docs/install.md
+https://github.com/rhysd/actionlint/blob/v1.7.6/docs/install.md
 
 Installation instructions. Prebuilt binaries, Homebrew package, building from source, a Docker
 image, a download script (for CI) are available.
 
 ### Usage
 
-https://github.com/rhysd/actionlint/blob/v1.7.5/docs/usage.md
+https://github.com/rhysd/actionlint/blob/v1.7.6/docs/usage.md
 
 How to use `actionlint` command locally or on GitHub Actions, the online playground, an official
 Docker image, and integrations with reviewdog, Problem Matchers, super-linter, pre-commit.
 
 ### Configuration
 
-https://github.com/rhysd/actionlint/blob/v1.7.5/docs/config.md
+https://github.com/rhysd/actionlint/blob/v1.7.6/docs/config.md
 
 How to configure actionlint behavior by the configuration file `actionlint.yaml`.
 
 ### Go API
 
-https://github.com/rhysd/actionlint/blob/v1.7.5/docs/api.md
+https://github.com/rhysd/actionlint/blob/v1.7.6/docs/api.md
 
 How to use actionlint as Go library.
 
 ### References
 
-https://github.com/rhysd/actionlint/blob/v1.7.5/docs/reference.md
+https://github.com/rhysd/actionlint/blob/v1.7.6/docs/reference.md
 
 Links to resources.
 
diff --git a/playground/index.html b/playground/index.html
index eac352f4e..6c6a07ac0 100644
--- a/playground/index.html
+++ b/playground/index.html
@@ -22,7 +22,7 @@
   <body>
     <nav id="header-bar" class="navbar" role="navigation" aria-label="header navigation bar">
       <header class="header">
-        <h1 class="title"><a id="logo" rel="noopener" href="https://github.com/rhysd/actionlint"><i class="devicon-github-original"></i></a> actionlint playground<span class="tag is-dark" id="version">v1.7.5</span></h1>
+        <h1 class="title"><a id="logo" rel="noopener" href="https://github.com/rhysd/actionlint"><i class="devicon-github-original"></i></a> actionlint playground<span class="tag is-dark" id="version">v1.7.6</span></h1>
         <h2 class="subtitle">Static checker for GitHub Actions workflow files</h2>
       </header>
       <div id="controls" class="navbar-end">
@@ -60,7 +60,7 @@ <h2 class="subtitle">Static checker for GitHub Actions workflow files</h2>
           <h2><i id="res-icon" class="devicon-githubactions-plain"></i>Resources</h2>
           <p>
             <ul>
-              <li><a class="has-text-link-my-light" target="_blank" rel="noopener" href="https://github.com/rhysd/actionlint/blob/v1.7.5/docs/checks.md">Checks by actionlint</a></li>
+              <li><a class="has-text-link-my-light" target="_blank" rel="noopener" href="https://github.com/rhysd/actionlint/blob/v1.7.6/docs/checks.md">Checks by actionlint</a></li>
               <li><a class="has-text-link-my-light" target="_blank" rel="noopener" href="https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions">Workflow syntax for GitHub Actions</a></li>
               <li><a class="has-text-link-my-light" target="_blank" rel="noopener" href="https://docs.github.com/en/actions/learn-github-actions/contexts">Available contexts in workflow</a></li>
               <li><a class="has-text-link-my-light" target="_blank" rel="noopener" href="https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions">Security hardening for GitHub Actions</a></li>
diff --git a/process.go b/process.go
index c438b615b..cc978e5dc 100644
--- a/process.go
+++ b/process.go
@@ -111,7 +111,7 @@ func (proc *concurrentProcess) wait() {
 // is resolved in this function.
 func (proc *concurrentProcess) newCommandRunner(exe string, combineOutput bool) (*externalCommand, error) {
 	var args []string
-	p, args, err := findExe(exe)
+	p, args, err := resolveExternalCommand(exe)
 	if err != nil {
 		return nil, err
 	}
@@ -124,16 +124,16 @@ func (proc *concurrentProcess) newCommandRunner(exe string, combineOutput bool)
 	return cmd, nil
 }
 
-func findExe(exe string) (string, []string, error) {
-	p, err := execabs.LookPath(exe)
+func resolveExternalCommand(exe string) (string, []string, error) {
+	c, err := execabs.LookPath(exe)
 	if err == nil {
-		return p, nil, nil
+		return c, nil, nil
 	}
-	// See if the command string contains args. As it is best effort, we do not
-	// handle parse errors.
-	if exeArgs, _ := shellwords.Parse(exe); len(exeArgs) > 0 {
-		if p, err := execabs.LookPath(exeArgs[0]); err == nil {
-			return p, exeArgs[1:], nil
+
+	// Try to parse the string as a command line instead of a single executable file path.
+	if a, err := shellwords.Parse(exe); err == nil && len(a) > 0 {
+		if c, err := execabs.LookPath(a[0]); err == nil {
+			return c, a[1:], nil
 		}
 	}
 
diff --git a/process_test.go b/process_test.go
index f2c036fd0..0ba29bd1a 100644
--- a/process_test.go
+++ b/process_test.go
@@ -343,3 +343,33 @@ func TestProcessCommandExitStatusNonZero(t *testing.T) {
 		t.Fatalf("Unexpected error happened: %q", msg)
 	}
 }
+
+func TestProcessCommandlineParseError(t *testing.T) {
+	tests := []struct {
+		what string
+		cmd  string
+	}{
+		{
+			what: "broken command line",
+			cmd:  "'broken' 'arg",
+		},
+		{
+			what: "executable file not found",
+			cmd:  "this-command-does-not-exist",
+		},
+		{
+			what: "empty",
+			cmd:  "",
+		},
+	}
+
+	p := newConcurrentProcess(1)
+	for _, tc := range tests {
+		t.Run(tc.what, func(t *testing.T) {
+			_, err := p.newCommandRunner(tc.cmd, true)
+			if err == nil {
+				t.Fatalf("Command %q caused no error", tc)
+			}
+		})
+	}
+}
diff --git a/rule_expression.go b/rule_expression.go
index 7365e6ca7..eed118e22 100644
--- a/rule_expression.go
+++ b/rule_expression.go
@@ -290,8 +290,8 @@ func (rule *RuleExpression) VisitStep(n *Step) error {
 				rule.checkString(i.Value, "jobs.<job_id>.steps.with")
 			}
 		}
-		rule.checkString(e.Entrypoint, "")
-		rule.checkString(e.Args, "")
+		rule.checkString(e.Entrypoint, "jobs.<job_id>.steps.with")
+		rule.checkString(e.Args, "jobs.<job_id>.steps.with")
 		spec = e.Uses
 	}
 
@@ -485,7 +485,7 @@ func (rule *RuleExpression) checkContainer(c *Container, workflowKey, childWorkf
 		rule.checkString(c.Credentials.Username, k)
 		rule.checkString(c.Credentials.Password, k)
 	}
-	rule.checkEnv(c.Env, workflowKey+".env.<env_id>") // e.g. jobs.<job_id>.container.env.<env_id>
+	rule.checkEnv(c.Env, childWorkflowKey+".env.<env_id>") // e.g. jobs.<job_id>.container.env.<env_id>
 	rule.checkStrings(c.Ports, workflowKey)
 	rule.checkStrings(c.Volumes, workflowKey)
 	rule.checkString(c.Options, workflowKey)
diff --git a/scripts/download-actionlint.bash b/scripts/download-actionlint.bash
index babfe69d2..3905d3084 100755
--- a/scripts/download-actionlint.bash
+++ b/scripts/download-actionlint.bash
@@ -43,7 +43,7 @@ if [[ "$1" == "-h" || "$1" == "--help" ]]; then
 fi
 
 # Default value is updated manually on release
-version="1.7.4"
+version="1.7.5"
 if [ -n "$1" ]; then
     if [[ "$1" != 'latest' && "$1" != 'LATEST' ]]; then
         if [[ "$1" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
diff --git a/testdata/err/context_availability.out b/testdata/err/context_availability.out
index a94fe071a..826fd0e66 100644
--- a/testdata/err/context_availability.out
+++ b/testdata/err/context_availability.out
@@ -17,7 +17,6 @@
 /test\.yaml:106:18: context "runner" is not allowed here\. .+ \[expression\]/
 /test\.yaml:111:20: context "env" is not allowed here\. .+ \[expression\]/
 /test\.yaml:115:25: context "runner" is not allowed here\. .+ \[expression\]/
-/test\.yaml:121:23: context "runner" is not allowed here\. .+ \[expression\]/
 /test\.yaml:127:17: context "env" is not allowed here\. .+ \[expression\]/
 /test\.yaml:134:23: context "env" is not allowed here\. .+ \[expression\]/
 /test\.yaml:139:23: context "env" is not allowed here\. .+ \[expression\]/
diff --git a/testdata/err/context_availability.yaml b/testdata/err/context_availability.yaml
index 34f9666ec..69f974c40 100644
--- a/testdata/err/context_availability.yaml
+++ b/testdata/err/context_availability.yaml
@@ -111,13 +111,13 @@ jobs:
         image: ${{ env.IMAGE_NAME }}
         # jobs.<job_id>.services.<service_id>.credentials
         credentials:
-          # ERROR
+          # ERROR because runner is not available
           username: ${{ runner.name }}
           # OK
           password: ${{ env.MY_PASSWORD }}
         # jobs.<job_id>.services.<service_id>.env.<env_id>
         env:
-          # ERROR
+          # OK (#500)
           RUNNER: ${{ runner.name }}
     # jobs.<job_id>.strategy
     strategy:
diff --git a/testdata/err/shell_key_context_availability.out b/testdata/err/shell_key_context_availability.out
new file mode 100644
index 000000000..cc7a72091
--- /dev/null
+++ b/testdata/err/shell_key_context_availability.out
@@ -0,0 +1,2 @@
+/test\.yaml:6:16: context "env" is not allowed here\. no context is available here\. .+ \[expression\]/
+/test\.yaml:18:20: context "env" is not allowed here\. no context is available here\. .+ \[expression\]/
diff --git a/testdata/err/shell_key_context_availability.yaml b/testdata/err/shell_key_context_availability.yaml
new file mode 100644
index 000000000..9a1c1ceab
--- /dev/null
+++ b/testdata/err/shell_key_context_availability.yaml
@@ -0,0 +1,18 @@
+on: push
+
+defaults:
+  run:
+    # ERROR: No context is available here
+    shell: ${{ env.SHELL }}
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        # OK: 'env' context is available here
+        shell: ${{ env.SHELL }}
+    steps:
+      - run: echo hello
+        # ERROR: No context is available here
+        shell: ${{ env.SHELL}}
diff --git a/testdata/ok/issue-495_with_args.yaml b/testdata/ok/issue-495_with_args.yaml
new file mode 100644
index 000000000..d57c80562
--- /dev/null
+++ b/testdata/ok/issue-495_with_args.yaml
@@ -0,0 +1,14 @@
+on:
+  workflow_call:
+    inputs:
+      test:
+        type: string
+
+jobs:
+  my_job:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: docker://example.com:latest
+        with:
+          entrypoint: "${{ inputs.test }}"
+          args: --arg "${{ inputs.test }}"
diff --git a/testdata/projects/paths_config/workflows/foo.yaml b/testdata/projects/paths_config/workflows/foo.yaml
index dc67b3532..ce26aa56a 100644
--- a/testdata/projects/paths_config/workflows/foo.yaml
+++ b/testdata/projects/paths_config/workflows/foo.yaml
@@ -7,7 +7,7 @@ env:
 
 jobs:
   test:
-    # This erro will be reported
+    # This error will be reported
     runs-on: unknown
     steps:
       - run: echo
diff --git a/testdata/projects/paths_config/workflows/nested/piyo.yaml b/testdata/projects/paths_config/workflows/nested/piyo.yaml
index 87b473d85..3edc4b929 100644
--- a/testdata/projects/paths_config/workflows/nested/piyo.yaml
+++ b/testdata/projects/paths_config/workflows/nested/piyo.yaml
@@ -1,13 +1,13 @@
 # This error will be ignored by workflows/**/*.yaml config
 on: unknown
 
-# This erro will be reported
+# This error will be reported
 env:
   FOO: ${{ env.FOO }}
 
 jobs:
   test:
-    # This erro will be reported
+    # This error will be reported
     runs-on: unknown
     steps:
       - run: echo