Commit 9f03117

Merge PR #337
Bumps the github-actions group with 15 updates:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.1` | `2.15.0` |
| [devops-actions/actionlint](https://github.com/devops-actions/actionlint) | `0.1.10` | `0.1.11` |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.0` | `4.32.4` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.2` | `4.8.3` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.0` |
| [nick2bad4u/generate-repo-file-list](https://github.com/nick2bad4u/generate-repo-file-list) | `f1342075abdb94a6134398776eafce7931fd1444` | `07b49868e86da4ee6121ea33b3f2beabd87bb87f` |
| [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.3.0` | `9.4.0` |
| [oke-py/npm-audit-action](https://github.com/oke-py/npm-audit-action) | `3.0.0` | `4.0.1` |
| [google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml](https://github.com/google/osv-scanner-action) | `2.3.2` | `2.3.3` |
| [google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml](https://github.com/google/osv-scanner-action) | `2.3.2` | `2.3.3` |
| [actions/stale](https://github.com/actions/stale) | `10.1.1` | `10.2.0` |
| [actions/ai-inference](https://github.com/actions/ai-inference) | `2.0.5` | `2.0.7` |
| [super-linter/super-linter](https://github.com/super-linter/super-linter) | `8.4.0` | `8.5.0` |
| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.92.5` | `3.93.6` |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.42.3` | `1.44.0` |

Updates `step-security/harden-runner` from 2.14.1 to 2.15.0

<details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.15.0</h2> <h2>What's Changed</h2> <h3>Windows
and macOS runner support</h3> <p>We are excited to announce that Harden Runner now supports <strong>Windows and macOS runners</strong>, extending runtime security beyond Linux for the first time.</p> <p>Insights for Windows and macOS runners will be displayed in the same consistent format you are already familiar with from Linux runners, giving you a unified view of runtime activity across all platforms.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.14.2...v2.15.0">https://github.com/step-security/harden-runner/compare/v2.14.2...v2.15.0</a></p> <h2>v2.14.2</h2> <h2>What's Changed</h2> <p>Security fix: Fixed a medium severity vulnerability where outbound network connections using sendto, sendmsg, and sendmmsg socket system calls could bypass audit logging when using egress-policy: audit. This issue only affects the Community Tier in audit mode; block mode and Enterprise Tier were not affected. See <a href="https://github.com/step-security/harden-runner/security/advisories/GHSA-cpmj-h4f6-r6pq">GHSA-cpmj-h4f6-r6pq</a> for details.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.14.1...v2.14.2">https://github.com/step-security/harden-runner/compare/v2.14.1...v2.14.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/a90bcbc6539c36a85cdfeb73f7e2f433735f215b"><code>a90bcbc</code></a> Update readme (<a href="https://redirect.github.com/step-security/harden-runner/issues/637">#637</a>)</li> <li><a href="https://github.com/step-security/harden-runner/commit/f0a59d88538059e010b6ebd90b74e2740a6d05fc"><code>f0a59d8</code></a> Release v2.15.0 (<a href="https://redirect.github.com/step-security/harden-runner/issues/639">#639</a>)</li> <li><a href="https://github.com/step-security/harden-runner/commit/5ef0c079ce82195b2a36a210272d6b661572d83e"><code>5ef0c07</code></a> Merge 
pull request <a href="https://redirect.github.com/step-security/harden-runner/issues/635">#635</a> from step-security/rc-34</li> <li><a href="https://github.com/step-security/harden-runner/commit/eb43c7b3fd5a30c42ff1ab84b494f1cc6c7cc3b6"><code>eb43c7b</code></a> update agent</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/e3f713f2d8f53843e71c69a996d56f51aa9adfb9...a90bcbc6539c36a85cdfeb73f7e2f433735f215b">compare view</a></li> </ul> </details> <br /> Updates `devops-actions/actionlint` from 0.1.10 to 0.1.11 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/devops-actions/actionlint/releases">devops-actions/actionlint's releases</a>.</em></p> <blockquote> <h2>Release v0.1.11</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Update actionlint version to 1.7.11 by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/161">devops-actions/actionlint#161</a></li> </ul> <h3>Dependency updates (GitHub Actions)</h3> <ul> <li>Bump github/codeql-action from 4.31.2 to 4.31.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/127">devops-actions/actionlint#127</a></li> <li>Bump actions/dependency-review-action from 4.8.1 to 4.8.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/125">devops-actions/actionlint#125</a></li> <li>Bump actions/checkout from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/123">devops-actions/actionlint#123</a></li> <li>Bump actions/upload-artifact from 4.6.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a 
href="https://redirect.github.com/devops-actions/actionlint/pull/122">devops-actions/actionlint#122</a></li> <li>Bump github/codeql-action from 4.31.6 to 4.31.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/137">devops-actions/actionlint#137</a></li> <li>Bump actions/checkout from 6.0.0 to 6.0.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/136">devops-actions/actionlint#136</a></li> <li>Bump step-security/harden-runner from 2.13.2 to 2.13.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/135">devops-actions/actionlint#135</a></li> <li>Bump actions/upload-artifact from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/140">devops-actions/actionlint#140</a></li> <li>Bump jessehouwing/actions-semver-checker from 1.0.7 to 1.0.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/142">devops-actions/actionlint#142</a></li> <li>Bump github/codeql-action from 4.31.7 to 4.31.8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/141">devops-actions/actionlint#141</a></li> <li>Bump step-security/harden-runner from 2.13.3 to 2.14.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/139">devops-actions/actionlint#139</a></li> <li>Bump github/codeql-action from 4.31.8 to 4.31.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a 
href="https://redirect.github.com/devops-actions/actionlint/pull/143">devops-actions/actionlint#143</a></li> <li>Bump devops-actions/issue-comment-tag from 0.1.8 to 0.1.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/152">devops-actions/actionlint#152</a></li> <li>Bump actions/checkout from 6.0.1 to 6.0.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/153">devops-actions/actionlint#153</a></li> <li>Bump jessehouwing/actions-semver-checker from 1.0.8 to 1.0.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/155">devops-actions/actionlint#155</a></li> <li>Bump step-security/harden-runner from 2.14.0 to 2.14.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/154">devops-actions/actionlint#154</a></li> <li>Bump jessehouwing/actions-semver-checker from 1.0.9 to 2.0.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/156">devops-actions/actionlint#156</a></li> <li>Bump step-security/harden-runner from 2.14.1 to 2.14.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/157">devops-actions/actionlint#157</a></li> <li>Bump jessehouwing/actions-semver-checker from 2.0.3 to 2.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/159">devops-actions/actionlint#159</a></li> </ul> <h3>Other Changes</h3> <ul> <li>Add reusable actions-dependencies workflow by <a 
href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a href="https://redirect.github.com/devops-actions/actionlint/pull/128">devops-actions/actionlint#128</a></li> <li>Add reusable issue-pr-tag workflow by <a href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a href="https://redirect.github.com/devops-actions/actionlint/pull/129">devops-actions/actionlint#129</a></li> <li>Update actionlint version to 1.7.9 by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/126">devops-actions/actionlint#126</a></li> <li>Add top-level permissions to issue-pr-tag workflow by <a href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a href="https://redirect.github.com/devops-actions/actionlint/pull/130">devops-actions/actionlint#130</a></li> <li>Add top-level permissions: contents: read to all workflows by <a href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a href="https://redirect.github.com/devops-actions/actionlint/pull/131">devops-actions/actionlint#131</a></li> <li>add top level permissions by <a href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a href="https://redirect.github.com/devops-actions/actionlint/pull/132">devops-actions/actionlint#132</a></li> <li>Update actionlint version to 1.7.9 by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/devops-actions/actionlint/pull/138">devops-actions/actionlint#138</a></li> <li>Standardize dependency-review workflow to use reusable workflow by <a href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a href="https://redirect.github.com/devops-actions/actionlint/pull/146">devops-actions/actionlint#146</a></li> <li>Standardize workflows to use reusable workflows from .github repo by <a href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a 
href="https://redirect.github.com/devops-actions/actionlint/pull/145">devops-actions/actionlint#145</a></li> <li>Add release notes categories by <a href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a href="https://redirect.github.com/devops-actions/actionlint/pull/150">devops-actions/actionlint#150</a></li> <li>Fix update-actionlint workflow failing on repeated runs by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a href="https://redirect.github.com/devops-actions/actionlint/pull/160">devops-actions/actionlint#160</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/devops-actions/actionlint/compare/v0.1.10...v0.1.11">https://github.com/devops-actions/actionlint/compare/v0.1.10...v0.1.11</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/devops-actions/actionlint/commit/469810fd82c015d3c43815cd2b0e4d02eecc4819"><code>469810f</code></a> Update actionlint version to 1.7.11 (<a href="https://redirect.github.com/devops-actions/actionlint/issues/161">#161</a>)</li> <li><a href="https://github.com/devops-actions/actionlint/commit/16325c3bd64c8663fabb550643184d8c75ab6d8e"><code>16325c3</code></a> Fix update-actionlint workflow failing on repeated runs (<a href="https://redirect.github.com/devops-actions/actionlint/issues/160">#160</a>)</li> <li><a href="https://github.com/devops-actions/actionlint/commit/191120968e6b7074b1ba2d5fd7412bd8763c7f0a"><code>1911209</code></a> Merge pull request <a href="https://redirect.github.com/devops-actions/actionlint/issues/159">#159</a> from devops-actions/dependabot/github_actions/jesseho...</li> <li><a href="https://github.com/devops-actions/actionlint/commit/0a8db884122732a7b48b35c281f872c4b39339b6"><code>0a8db88</code></a> Bump jessehouwing/actions-semver-checker from 2.0.3 to 2.0.4</li> <li><a href="https://github.com/devops-actions/actionlint/commit/be93a3da9c94d7f3f551e23c8802bdc6e2649e0d"><code>be93a3d</code></a> 
Bump step-security/harden-runner from 2.14.1 to 2.14.2 (<a href="https://redirect.github.com/devops-actions/actionlint/issues/157">#157</a>)</li> <li><a href="https://github.com/devops-actions/actionlint/commit/7e2800d29409791bce139d3c299481aa99456017"><code>7e2800d</code></a> Merge pull request <a href="https://redirect.github.com/devops-actions/actionlint/issues/156">#156</a> from devops-actions/dependabot/github_actions/jesseho...</li> <li><a href="https://github.com/devops-actions/actionlint/commit/4cb1ad04fe39d5fa9a2f95d28fb441414067f451"><code>4cb1ad0</code></a> Bump jessehouwing/actions-semver-checker from 1.0.9 to 2.0.3</li> <li><a href="https://github.com/devops-actions/actionlint/commit/191d0bc6049732bdd619ad6b0107a025c9b3c871"><code>191d0bc</code></a> Bump step-security/harden-runner from 2.14.0 to 2.14.1 (<a href="https://redirect.github.com/devops-actions/actionlint/issues/154">#154</a>)</li> <li><a href="https://github.com/devops-actions/actionlint/commit/9b612239ea2a7c362d1a374fa3ee8974042ce6bf"><code>9b61223</code></a> Merge pull request <a href="https://redirect.github.com/devops-actions/actionlint/issues/155">#155</a> from devops-actions/dependabot/github_actions/jesseho...</li> <li><a href="https://github.com/devops-actions/actionlint/commit/6154f0ae2618e3302dce83e6a8ef6ed175de5eac"><code>6154f0a</code></a> Bump jessehouwing/actions-semver-checker from 1.0.8 to 1.0.9</li> <li>Additional commits viewable in <a href="https://github.com/devops-actions/actionlint/compare/467e2ce19b2310e93c9ffa0b50fe31f86b5a7f23...469810fd82c015d3c43815cd2b0e4d02eecc4819">compare view</a></li> </ul> </details> <br /> Updates `github/codeql-action` from 4.32.0 to 4.32.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.32.4</h2> <ul> <li>Update default CodeQL bundle version to <a 
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2">2.24.2</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3493">#3493</a></li> <li>Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries are configured</a>. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. <a href="https://redirect.github.com/github/codeql-action/pull/3473">#3473</a></li> <li>When the CodeQL Action is run <a href="https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup">with debugging enabled in Default Setup</a> and <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries are configured</a>, the &quot;Setup proxy for registries&quot; step will output additional diagnostic information that can be used for troubleshooting. <a href="https://redirect.github.com/github/codeql-action/pull/3486">#3486</a></li> <li>Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. 
<a href="https://redirect.github.com/github/codeql-action/pull/3485">#3485</a></li> <li>Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a <a href="https://github.com/dsp-testing/codeql-cli-nightlies">nightly CodeQL CLI release</a> instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. <a href="https://redirect.github.com/github/codeql-action/pull/3484">#3484</a></li> </ul> <h2>v4.32.3</h2> <ul> <li>Added experimental support for testing connections to <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries</a>. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. <a href="https://redirect.github.com/github/codeql-action/pull/3466">#3466</a></li> </ul> <h2>v4.32.2</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1">2.24.1</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3460">#3460</a></li> </ul> <h2>v4.32.1</h2> <ul> <li>A warning is now shown in Default Setup workflow logs if a <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registry is configured</a> using a GitHub Personal Access Token (PAT), but no username is configured. <a href="https://redirect.github.com/github/codeql-action/pull/3422">#3422</a></li> <li>Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. 
<a href="https://redirect.github.com/github/codeql-action/pull/3421">#3421</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.32.4 - 20 Feb 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2">2.24.2</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3493">#3493</a></li> <li>Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries are configured</a>. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. 
<a href="https://redirect.github.com/github/codeql-action/pull/3473">#3473</a></li> <li>When the CodeQL Action is run <a href="https://docs.github.com/en/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup">with debugging enabled in Default Setup</a> and <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries are configured</a>, the &quot;Setup proxy for registries&quot; step will output additional diagnostic information that can be used for troubleshooting. <a href="https://redirect.github.com/github/codeql-action/pull/3486">#3486</a></li> <li>Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. <a href="https://redirect.github.com/github/codeql-action/pull/3485">#3485</a></li> <li>Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a <a href="https://github.com/dsp-testing/codeql-cli-nightlies">nightly CodeQL CLI release</a> instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. 
<a href="https://redirect.github.com/github/codeql-action/pull/3484">#3484</a></li> </ul> <h2>4.32.3 - 13 Feb 2026</h2> <ul> <li>Added experimental support for testing connections to <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries</a>. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. <a href="https://redirect.github.com/github/codeql-action/pull/3466">#3466</a></li> </ul> <h2>4.32.2 - 05 Feb 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.1">2.24.1</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3460">#3460</a></li> </ul> <h2>4.32.1 - 02 Feb 2026</h2> <ul> <li>A warning is now shown in Default Setup workflow logs if a <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registry is configured</a> using a GitHub Personal Access Token (PAT), but no username is configured. <a href="https://redirect.github.com/github/codeql-action/pull/3422">#3422</a></li> <li>Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. <a href="https://redirect.github.com/github/codeql-action/pull/3421">#3421</a></li> </ul> <h2>4.32.0 - 26 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.0">2.24.0</a>. 
<a href="https://redirect.github.com/github/codeql-action/pull/3425">#3425</a></li> </ul> <h2>4.31.11 - 23 Jan 2026</h2> <ul> <li>When running a Default Setup workflow with <a href="https://docs.github.com/en/actions/how-tos/monitor-workflows/enable-debug-logging">Actions debugging enabled</a>, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. <a href="https://redirect.github.com/github/codeql-action/pull/3409">#3409</a></li> <li>Improved error handling throughout the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3415">#3415</a></li> <li>Added experimental support for automatically excluding <a href="https://docs.github.com/en/repositories/working-with-files/managing-files/customizing-how-changed-files-appear-on-github">generated files</a> from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. <a href="https://redirect.github.com/github/codeql-action/pull/3318">#3318</a></li> <li>The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. <a href="https://redirect.github.com/github/codeql-action/pull/3403">#3403</a></li> </ul> <h2>4.31.10 - 12 Jan 2026</h2> <ul> <li>Update default CodeQL bundle version to 2.23.9. <a href="https://redirect.github.com/github/codeql-action/pull/3393">#3393</a></li> </ul> <h2>4.31.9 - 16 Dec 2025</h2> <p>No user facing changes.</p> <h2>4.31.8 - 11 Dec 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/89a39a4e59826350b863aa6b6252a07ad50cf83e"><code>89a39a4</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3494">#3494</a> from github/update-v4.32.4-39ba80c47</li> <li><a href="https://github.com/github/codeql-action/commit/e5d84c885c00d506f7816d26a298534dbbffac6d"><code>e5d84c8</code></a> Apply remaining review suggestions</li> <li><a href="https://github.com/github/codeql-action/commit/0c202097b5de484e2a3725d4467f9cb7e3107881"><code>0c20209</code></a> Apply suggestions from code review</li> <li><a href="https://github.com/github/codeql-action/commit/314172e5a1e1691ba4ad232b3d0230ceaf3d9239"><code>314172e</code></a> Fix typo</li> <li><a href="https://github.com/github/codeql-action/commit/cdda72d36b93310932b0afe1784acd0209d190dd"><code>cdda72d</code></a> Add changelog entries</li> <li><a href="https://github.com/github/codeql-action/commit/cfda84cc5509282e2adc1570c3cf29c3167ae87f"><code>cfda84c</code></a> Update changelog for v4.32.4</li> <li><a href="https://github.com/github/codeql-action/commit/39ba80c47550c834104c0f222b502461ac312c29"><code>39ba80c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3493">#3493</a> from github/update-bundle/codeql-bundle-v2.24.2</li> <li><a href="https://github.com/github/codeql-action/commit/00150dad957fc9c1cba52bdab82e458ae5c09fe5"><code>00150da</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/d97dce6561ae3dd4e4db9bfa95479f7572bd7566"><code>d97dce6</code></a> Update default bundle to codeql-bundle-v2.24.2</li> <li><a href="https://github.com/github/codeql-action/commit/50fdbb9ec845c41d6d3509d794e3a28af7032c59"><code>50fdbb9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3492">#3492</a> from 
github/henrymercer/new-repository-properties-ff</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/b20883b0cd1f46c72ae0ba6d1090936928f9fa30...89a39a4e59826350b863aa6b6252a07ad50cf83e">compare view</a></li> </ul> </details> <br /> Updates `actions/dependency-review-action` from 4.8.2 to 4.8.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>4.8.3</h2> <h2>Dependency Review Action v4.8.3</h2> <p>This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.</p> <p>We have also updated the release process to use a long-lived <code>v4</code> <strong>branch</strong> for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.</p> <h2>What's Changed</h2> <ul> <li>GitHub Actions can't push to our protected main by <a href="https://github.com/dangoor"><code>@​dangoor</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/1017">actions/dependency-review-action#1017</a></li> <li>Bump actions/stale from 9.1.0 to 10.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/dependency-review-action/pull/995">actions/dependency-review-action#995</a></li> <li>Bump github/codeql-action from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/dependency-review-action/pull/1003">actions/dependency-review-action#1003</a></li> <li>Bump actions/setup-node from 4 to 6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a 
href="https://redirect.github.com/actions/dependency-review-action/pull/1005">actions/dependency-review-action#1005</a></li> <li>Upgrade glob to address a vulnerability by <a href="https://github.com/brrygrdn"><code>@​brrygrdn</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/1024">actions/dependency-review-action#1024</a></li> <li>Bump js-yaml by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/dependency-review-action/pull/1020">actions/dependency-review-action#1020</a></li> <li>Addressing vulnerabilities by <a href="https://github.com/Ahmed3lmallah"><code>@​Ahmed3lmallah</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/1036">actions/dependency-review-action#1036</a></li> <li>Bump fast-xml-parser from 5.3.3 to 5.3.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/dependency-review-action/pull/1050">actions/dependency-review-action#1050</a></li> <li>Bump fast-xml-parser from 5.3.5 to 5.3.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/dependency-review-action/pull/1053">actions/dependency-review-action#1053</a></li> <li>Properly truncate long summaries and catch errors by <a href="https://github.com/juxtin"><code>@​juxtin</code></a> in <a href="https://redirect.github.com/actions/dependency-review-action/pull/1052">actions/dependency-review-action#1052</a></li> <li>Bump spdx-expression-parse from 3.0.1 to 4.0.0 in the spdx-licenses group across 1 directory by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/dependency-review-action/pull/931">actions/dependency-review-action#931</a></li> <li>Changes for Release 4.8.3 by <a href="https://github.com/ahpook"><code>@​ahpook</code></a> in <a 
href="https://redirect.github.com/actions/dependency-review-action/pull/1054">actions/dependency-review-action#1054</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3">https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/dependency-review-action/commit/05fe4576374b728f0c523d6a13d64c25081e0803"><code>05fe457</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/1054">#1054</a> from actions/ahpook/release-4.8.3</li> <li><a href="https://github.com/actions/dependency-review-action/commit/3a8496cb71ebae2e228d1c4a47974cdc724cf07d"><code>3a8496c</code></a> Update generated package files for v4.8.3</li> <li><a href="https://github.com/actions/dependency-review-action/commit/0f22a0159293e2496eef4ce36c3b7b3b31081f7d"><code>0f22a01</code></a> Update CONTRIBUTING for new release process</li> <li><a href="https://github.com/actions/dependency-review-action/commit/58be34364db3f04dc3de8db0417b5d18451a4fdf"><code>58be343</code></a> Updating package versions for 4.8.3</li> <li><a href="https://github.com/actions/dependency-review-action/commit/9284e0c621cb66311d82087d9ea1f539e40da6eb"><code>9284e0c</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/931">#931</a> from actions/dependabot/npm_and_yarn/spdx-licenses-20...</li> <li><a href="https://github.com/actions/dependency-review-action/commit/8b766562f01731bcb0f65222324f2152d142a19a"><code>8b76656</code></a> Bump spdx-expression-parse in the spdx-licenses group across 1 directory</li> <li><a href="https://github.com/actions/dependency-review-action/commit/43f5f029f51af9c859564cae942f58ea63a22100"><code>43f5f02</code></a> Merge pull request <a 
href="https://redirect.github.com/actions/dependency-review-action/issues/1052">#1052</a> from actions/juxtin/fix-long-summaries</li> <li><a href="https://github.com/actions/dependency-review-action/commit/f0033fc4d6972851b5170177d58a8da79811a797"><code>f0033fc</code></a> Merge pull request <a href="https://redirect.github.com/actions/dependency-review-action/issues/1053">#1053</a> from actions/dependabot/npm_and_yarn/fast-xml-parser...</li> <li><a href="https://github.com/actions/dependency-review-action/commit/b379e2e05ffa2e429ca97047d4c2738a0039425e"><code>b379e2e</code></a> Bump fast-xml-parser from 5.3.5 to 5.3.6</li> <li><a href="https://github.com/actions/dependency-review-action/commit/2e1cf54a500fb2037239e92489ed0bad323c8c68"><code>2e1cf54</code></a> Properly truncate long summaries and catch errors</li> <li>Additional commits viewable in <a href="https://github.com/actions/dependency-review-action/compare/3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261...05fe4576374b728f0c523d6a13d64c25081e0803">compare view</a></li> </ul> </details> <br /> Updates `actions/upload-artifact` from 6.0.0 to 7.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>v7 What's new</h2> <h3>Direct Uploads</h3> <p>Adds support for uploading single files directly (unzipped). Callers can set the new <code>archive</code> parameter to <code>false</code> to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The <code>name</code> parameter is also ignored with this setting. 
Instead, the name of the artifact will be the name of the uploaded file.</p> <h3>ESM</h3> <p>To support new versions of the <code>@actions/*</code> packages, we've upgraded the package to ESM.</p> <h2>What's Changed</h2> <ul> <li>Add proxy integration test by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li> <li>Upgrade the module to ESM and bump dependencies by <a href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/762">actions/upload-artifact#762</a></li> <li>Support direct file uploads by <a href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/764">actions/upload-artifact#764</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Link"><code>@​Link</code></a>- made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v6...v7.0.0">https://github.com/actions/upload-artifact/compare/v6...v7.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f"><code>bbbca2d</code></a> Support direct file uploads (<a href="https://redirect.github.com/actions/upload-artifact/issues/764">#764</a>)</li> <li><a href="https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296"><code>589182c</code></a> Upgrade the module to ESM and bump dependencies (<a href="https://redirect.github.com/actions/upload-artifact/issues/762">#762</a>)</li> <li><a 
href="https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5"><code>47309c9</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/754">#754</a> from actions/Link-/add-proxy-integration-tests</li> <li><a href="https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0"><code>02a8460</code></a> Add proxy integration test</li> <li>See full diff in <a href="https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f">compare view</a></li> </ul> </details> <br /> Updates `nick2bad4u/generate-repo-file-list` from f1342075abdb94a6134398776eafce7931fd1444 to 07b49868e86da4ee6121ea33b3f2beabd87bb87f <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Nick2bad4u/Generate-Repo-File-List/commit/07b49868e86da4ee6121ea33b3f2beabd87bb87f"><code>07b4986</code></a> Merge PR <a href="https://redirect.github.com/nick2bad4u/generate-repo-file-list/issues/40">#40</a></li> <li><a href="https://github.com/Nick2bad4u/Generate-Repo-File-List/commit/7633960f1768dde4cf4418eacffd8fc2df6dd1eb"><code>7633960</code></a> Merge PR <a href="https://redirect.github.com/nick2bad4u/generate-repo-file-list/issues/41">#41</a></li> <li><a href="https://github.com/Nick2bad4u/Generate-Repo-File-List/commit/6f00b755eb8c14b060b09a2247f4aa7e0b09fcbd"><code>6f00b75</code></a> Bump the github-actions group with 6 updates</li> <li><a href="https://github.com/Nick2bad4u/Generate-Repo-File-List/commit/0fa4e2bcdef33f4919de25e65391e06f5de503d8"><code>0fa4e2b</code></a> Bump tqdm from 4.67.1 to 4.67.2 in the github-actions group</li> <li>See full diff in <a href="https://github.com/nick2bad4u/generate-repo-file-list/compare/f1342075abdb94a6134398776eafce7931fd1444...07b49868e86da4ee6121ea33b3f2beabd87bb87f">compare view</a></li> </ul> </details> <br /> Updates `oxsecurity/megalinter` from 9.3.0 to 9.4.0 
<details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/oxsecurity/megalinter/releases">oxsecurity/megalinter's releases</a>.</em></p> <blockquote> <h2>v9.4.0</h2> <h2>What's Changed</h2> <ul> <li> <p>Core</p> <ul> <li>Improve files browsing performances (2 PRs)</li> <li>Optimize parallel linter processing and improve grouping logic</li> <li>Improve performance of listing .gitignored files by sending excluded directories to git ls-files</li> <li>If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances</li> <li>Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules</li> <li>Cache subprocess environment per linter run and excluded directories per request</li> <li>Optimize parallel linter result update from O(n²) to O(n)</li> <li>Add support in the build of Docker images for linux/arm64 in compatible linters</li> </ul> </li> <li> <p>New linters</p> <ul> <li>Add <a href="https://nbqa.readthedocs.io/">PYTHON_NBQA_MYPY</a> for type-checking Jupyter notebooks using nbqa + mypy</li> </ul> </li> <li> <p>Disabled linters</p> <ul> <li>LUA_SELENE: <a href="https://redirect.github.com/Kampfkarren/selene/issues/662">Kampfkarren/selene#662</a></li> </ul> </li> <li> <p>Linters enhancements</p> <ul> <li>Use the official checkmake image by <a href="https://github.com/bdovaz"><code>@​bdovaz</code></a></li> <li>Spectral: Add sarif support to spectral by <a href="https://github.com/bdovaz"><code>@​bdovaz</code></a></li> <li>Spectral: Change cli_lint_mode to list_of_files to improve performances</li> </ul> </li> <li> <p>Fixes</p> <ul> <li>Add support for SSH remote origins when building custom flavors (fixes: <a href="https://redirect.github.com/oxsecurity/megalinter/issues/6511">#6511</a>)</li> <li>Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false</li> <li>Fix wrong tagging 
<code>apply_fixes=True</code> when linter has no fix options configured</li> <li>Python mypy: Remove <code>.ipynb</code> from file extensions (mypy doesn't support notebooks directly) - fixes <a href="https://redirect.github.com/oxsecurity/megalinter/issues/6904">#6904</a></li> <li>Fix operator precedence bug in pre_post_factory pre/post command logic</li> <li>Fix file handle leak in GitleaksLinter</li> <li>Fix variable name bug in utils.get_git_context_info</li> <li>Minor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter</li> </ul> </li> <li> <p>Reporters</p> <ul> <li>Add a link inviting to star MegaLinter</li> <li>Display in the console reporter the working directory from which the commands are executed by <a href="https://github.com/bdovaz"><code>@​bdovaz</code></a></li> <li>Update WebHook reporter so it can send more events for a better integration with UI</li> <li>When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)</li> <li>In case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead</li> <li>Azure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib</li> </ul> </li> <li> <p>Flavors</p> <ul> <li>Custom flavor builder: <ul> <li>Add support for SSH remotes</li> <li>Allow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms</li> <li>Build &amp; release custom flavor builder image for linux/arm64</li> </ul> </li> </ul> </li> <li> <p>Doc</p> <ul> <li>JSON Schema: Add default values for file extensions and file names variables + improve descriptions</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md">oxsecurity/megalinter's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>, and this project adheres to <a href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2>[Unreleased] (beta, main branch content)</h2> <p>Note: Can be used with <code>oxsecurity/megalinter@beta</code> in your GitHub Action mega-linter.yml file, or with <code>oxsecurity/megalinter:beta</code> docker image</p> <ul> <li> <p>Core</p> </li> <li> <p>New linters</p> </li> <li> <p>Disabled linters</p> </li> <li> <p>Deprecated linters</p> </li> <li> <p>Removed linters</p> </li> <li> <p>Media</p> </li> <li> <p>Linters enhancements</p> </li> <li> <p>Fixes</p> </li> <li> <p>Reporters</p> </li> <li> <p>Flavors</p> </li> <li> <p>Doc</p> </li> <li> <p>CI</p> </li> <li> <p>mega-linter-runner</p> </li> <li> <p>Linter versions upgrades (N)</p> <ul> <li><a href="https://pycqa.github.io/isort/">isort</a> from 8.0.0 to <strong>8.0.1</strong> on 2026-02-28</li> </ul> </li> </ul> <!-- raw HTML omitted --> <h2>[v9.4.0] - 2026-02-28</h2> <ul> <li>Core <ul> <li>Improve files browsing performances (2 PRs)</li> <li>Optimize parallel linter processing and improve grouping logic</li> <li>Improve performance of listing .gitignored files by sending excluded directories to git ls-files</li> <li>If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances</li> <li>Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules</li> <li>Cache subprocess environment per linter run and excluded directories per request</li> <li>Optimize 
parallel linter result update from O(n²) to O(n)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/oxsecurity/megalinter/commit/8fbdead70d1409964ab3d5afa885e18ee85388bb"><code>8fbdead</code></a> Release MegaLinter v9.4.0</li> <li><a href="https://github.com/oxsecurity/megalinter/commit/9f605c4496977db7664f9d066c6e304bef9e7d66"><code>9f605c4</code></a> Fix custom flavor builder workflow (<a href="https://redirect.github.com/oxsecurity/megalinter/issues/7306">#7306</a>)</li> <li><a href="https://github.com/oxsecurity/megalinter/commit/b7dcb60db64d98c1adb31ad9b7d543dfdf601c4b"><code>b7dcb60</code></a> Update changelog to prepare release (<a href="https://redirect.github.com/oxsecurity/megalinter/issues/7304">#7304</a>)</li> <li><a href="https://github.com/oxsecurity/megalinter/commit/3077b04a5984e5e36c9b3b9055af71db04aae2f2"><code>3077b04</code></a> chore(deps): update dependency regex to v2026.2.28 (<a href="https://redirect.github.com/oxsecurity/megalinter/issues/7303">#7303</a>)</li> <li><a href="https://github.com/oxsecurity/megalinter/commit/edba876747ba09ce1cda4b21bfe61c171ea69649"><code>edba876</code></a> [automation] Auto-update linters version, help and documentation (<a href="https://redirect.github.com/oxsecurity/megalinter/issues/7299">#7299</a>)</li> <li><a href="https://github.com/oxsecurity/megalinter/commit/07fb84de439d1b1a0bda7cb978c53c44b2b176ac"><code>07fb84d</code></a> chore(deps): update dependency python-gitlab to v8.1.0 (<a href="https://redirect.github.com/oxsecurity/megalinter/issues/7302">#7302</a>)</li> <li><a href="https://github.com/oxsecurity/megalinter/commit/4d42e339877cdf3cbee2f48e604d87d09c95748a"><code>4d42e33</code></a> chore(deps): update dependency fastapi to v0.134.0 (<a href="https://redirect.github.com/oxsecurity/megalinter/issues/7301">#7301</a>)</li> <li><a 
href="https://github.com/oxsecurity/megalinter/commit/649726c17644c73b4d767dde26947d7d59900095"><code>649726c</code></a> chore(deps): update dependency rumdl to v0.1.32 (<a href="https://redirect.github.com/oxsecurity/megalinter/issues/7300">#7300</a>)</li> <li><a href="https://github.com/oxsecurity/megalinter/commit/768b5a3503e1535fb05078054814bc2497f11ccc"><code>768b5a3</code></a> chore(deps): update dependency virtualenv to v21.1.0 (<a href="https://redirect.github.com/oxsecurity/megalinter/issues/7298">#7298</a>)</li> <li><a href="https://github.com/oxsecurity/megalinter/commit/7e73a761cb1c1f566745ec033e7a2c7c400a0537"><code>7e73a76</code></a> chore(deps): update dependency eslint-plugin-jsonc to v3 (<a href="https://redirect.github.com/oxsecurity/megalinter/issues/7260">#7260</a>)</li> <li>Additional commits viewable in <a href="https://github.com/oxsecurity/megalinter/compare/42bb470545e359597e7f12156947c436e4e3fb9a...8fbdead70d1409964ab3d5afa885e18ee85388bb">compare view</a></li> </ul> </details> <br /> Updates `oke-py/npm-audit-action` from 3.0.0 to 4.0.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/oke-py/npm-audit-action/releases">oke-py/npm-audit-action's releases</a>.</em></p> <blockquote> <h2>v4.0.1</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Other Changes</h3> <ul> <li>chore(deps): bump vite to 7.3.1 by <a href="https://github.com/oke-py"><code>@​oke-py</code></a> in <a href="https://redirect.github.com/oke-py/npm-audit-action/pull/310">oke-py/npm-audit-action#310</a></li> <li>refactor(input): use getBooleanInput and trim inputs by <a href="https://github.com/oke-py"><code>@​oke-py</code></a> in <a href="https://redirect.github.com/oke-py/npm-audit-action/pull/311">oke-py/npm-audit-action#311</a></li> <li>refactor(workdir): centralize input normalization by <a href="https://github.com/oke-py"><code>@​oke-py</code></a> in <a 
href="https://redirect.github.com/oke-py/npm-audit-action/pull/312">oke-py/npm-audit-action#312</a></li> <li>test(coverage): exclude fixtures and tests by <a href="https://github.com/oke-py"><code>@​oke-py</code></a> in <a href="https://redirect.github.com/oke-py/npm-audit-action/pull/313">oke-py/npm-audit-action#313</a></li> <li>refactor(input): centralize input parsing by <a href="https://github.com/oke-py"><code>@​oke-py</code></a> in <a href="https://redirect.github.com/oke-py/npm-audit-action/pull/314">oke-py/npm-audit-action#314</a></li> <li>refactor(pr): extract pull request handling by <a href="https://github.com/oke-py"><code>@​oke-py</code></a> in <a href="https://redirect.github.com/oke-py/npm-audit-action/pull/315">oke-py/npm-audit-action#315</a></li> <li>refactor(issue): extract issue handling by <a href="https://github.com/oke-py"><code>@​oke-py</code></a> in <a href="https://redirect.github.com/oke-py/npm-audit-action/pull/316">oke-py/npm-audit-action#316</a></li> <li>chore: add husky hooks for biome and tests by <a href="https://github.com/oke-py"><code>@​oke-py</code></a> in <a href="https://redirect.github.com/oke-py/npm-audit-action/pull/317">oke-py/npm-audit-action#317</a></li> <li>chore(release): unify release flow and set v4.0.1 by <a href="https://github.com/oke-py"><code>@​oke-py</code></a> in <a href="https://redirect.github.com/oke-py/npm-audit-action/pull/318">oke-py/npm-audit-action#318</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/oke-py/npm-audit-action/compare/v4...v4.0.1">https://github.com/oke-py/npm-audit-action/compare/v4...v4.0.1</a></p> <h2>v4.0.0</h2> <h2>Summary</h2> <ul> <li>major release v4.0.0</li> <li>update runtime from node20 to node24</li> <li>update dependencies</li> </ul> <h2>Changes</h2> <ul> <li>version bump to 4.0.0</li> <li>update README and workflows to use v4</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a 
href="https://github.com/oke-py/npm-audit-action/commit/f02a3cf15e7a1860efac849dd45126f9c2cafe4f"><code>f02a3cf</code></a> Merge pull request <a href="https://redirect.github.com/oke-py/npm-audit-action/issues/318">#318</a> from oke-py/chore/release-flow</li> <li><a href="https://github.com/oke-py/npm-audit-action/commit/ec06595331e88dc65475818690651582f4dfdb4b"><code>ec06595</code></a> docs: unify release process</li> <li><a href="https://github.com/oke-py/npm-audit-action/commit/3caf7bb22dcd24aeaa2e081019dd9dab6659b805"><code>3caf7bb</code></a> chore(release): drop PR label bump and set v4.0.1</li> <li><a href="https://github.com/oke-py/npm-audit-action/commit/c121642d9c4b16843e49de55da4b17db67c19423"><code>c121642</code></a> Merge pull request <a href="https://redirect.github.com/oke-py/npm-audit-action/issues/317">#317</a> from oke-py/chore/husky-biome</li> <li><a href="https://github.com/oke-py/npm-audit-action/commit/69ef773c0b3e9a22fedac6b8881dfb11d0678942"><code>69ef773</code></a> fix(deps): dedupe husky and lint-staged</li> <li><a href="https://github.com/oke-py/npm-audit-action/commit/11ac1101b0c986ef56a9588e7d3d4e9ad4b34295"><code>11ac110</code></a> chore: add husky hooks for biome and tests</li> <li><a href="https://github.com/oke-py/npm-audit-action/commit/b74e8be77a7e478b1ba1b05cfebfd65ee7553b7d"><code>b74e8be</code></a> chore: update dist [skip ci]</li> <li><a href="https://github.com/oke-py/npm-audit-action/commit/7ed876028232f94bc97b62e11f80edf98900b046"><code>7ed8760</code></a> Merge pull request <a href="https://redirect.github.com/oke-py/npm-audit-action/issues/316">#316</a> from oke-py/chore/issue-handler</li> <li><a href="https://github.com/oke-py/npm-audit-action/commit/34b44fdd2cf9992347bb5b11bd25b00ad4da43fa"><code>34b44fd</code></a> refactor(issue): extract issue handling</li> <li><a href="https://github.com/oke-py/npm-audit-action/commit/f5aee93a2fab71d4780f9431f0ec69040378f87c"><code>f5aee93</code></a> chore: update dist [skip ci]</li> 
<li>Additional commits viewable in <a href="https://github.com/oke-py/npm-audit-action/compare/6ec7878c81d7dfe2b3295a63e1a608e9c952f46a...f02a3cf15e7a1860efac849dd45126f9c2cafe4f">compare view</a></li> </ul> </details> <br /> Updates `google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml` from 2.3.2 to 2.3.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/osv-scanner-action/releases">google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml's releases</a>.</em></p> <blockquote> <h2>v2.3.3</h2> <p>This updates OSV-Scanner to v2.3.3.</p> <h2>What's Changed</h2> <ul> <li>chore(deps): update github/codeql-action action to v4.31.10 by <a href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a> in <a href="https://redirect.github.com/google/osv-scanner-action/pull/115">google/osv-scanner-action#115</a></li> <li>Update to v2.3.3 by <a href="https://github.com/Ly-Joey"><code>@​Ly-Joey</code></a> in <a href="https://redirect.github.com/google/osv-scanner-action/pull/118">google/osv-scanner-action#118</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Ly-Joey"><code>@​Ly-Joey</code></a> made their first contribution in <a href="https://redirect.github.com/google/osv-scanner-action/pull/118">google/osv-scanner-action#118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/osv-scanner-action/compare/v2.3.2...v2.3.3">https://github.com/google/osv-scanner-action/compare/v2.3.2...v2.3.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/osv-scanner-action/commit/c5996e0193a3df57d695c1b8a1dec2a4c62e8730"><code>c5996e0</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/118">#118</a> from google/update-to-v2.3.3</li> <li><a 
href="https://github.com/google/osv-scanner-action/commit/f4fac926054e3236b87692fa58d351da22518991"><code>f4fac92</code></a> Update unified workflow example to point to v2.3.3 reusable workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/8ae4be80636b94886b3c271caad730985ce0611c"><code>8ae4be8</code></a> Update reusable workflows to point to v2.3.3 actions</li> <li><a href="https://github.com/google/osv-scanner-action/commit/8018483926dd235b3013d8c88023e644b9f8e09e"><code>8018483</code></a> &quot;Update actions to use v2.3.3 osv-scanner image&quot;</li> <li><a href="https://github.com/google/osv-scanner-action/commit/2c222dbe8cbd6baffa4929823c8e5c3ab481d4d0"><code>2c222db</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/115">#115</a> from renovate-bot/renovate/workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/115472d53545bb5e00eab96c82d23b16922bc73f"><code>115472d</code></a> chore(deps): update github/codeql-action action to v4.31.10</li> <li>See full diff in <a href="https://github.com/google/osv-scanner-action/compare/2a387edfbe02a11d856b89172f6e978100177eb4...c5996e0193a3df57d695c1b8a1dec2a4c62e8730">compare view</a></li> </ul> </details> <br /> Updates `google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml` from 2.3.2 to 2.3.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/osv-scanner-action/releases">google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml's releases</a>.</em></p> <blockquote> <h2>v2.3.3</h2> <p>This updates OSV-Scanner to v2.3.3.</p> <h2>What's Changed</h2> <ul> <li>chore(deps): update github/codeql-action action to v4.31.10 by <a href="https://github.com/renovate-bot"><code>@​renovate-bot</code></a> in <a href="https://redirect.github.com/google/osv-scanner-action/pull/115">google/osv-scanner-action#115</a></li> <li>Update to v2.3.3 by <a 
href="https://github.com/Ly-Joey"><code>@​Ly-Joey</code></a> in <a href="https://redirect.github.com/google/osv-scanner-action/pull/118">google/osv-scanner-action#118</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Ly-Joey"><code>@​Ly-Joey</code></a> made their first contribution in <a href="https://redirect.github.com/google/osv-scanner-action/pull/118">google/osv-scanner-action#118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/osv-scanner-action/compare/v2.3.2...v2.3.3">https://github.com/google/osv-scanner-action/compare/v2.3.2...v2.3.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/osv-scanner-action/commit/c5996e0193a3df57d695c1b8a1dec2a4c62e8730"><code>c5996e0</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/118">#118</a> from google/update-to-v2.3.3</li> <li><a href="https://github.com/google/osv-scanner-action/commit/f4fac926054e3236b87692fa58d351da22518991"><code>f4fac92</code></a> Update unified workflow example to point to v2.3.3 reusable workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/8ae4be80636b94886b3c271caad730985ce0611c"><code>8ae4be8</code></a> Update reusable workflows to point to v2.3.3 actions</li> <li><a href="https://github.com/google/osv-scanner-action/commit/8018483926dd235b3013d8c88023e644b9f8e09e"><code>8018483</code></a> &quot;Update actions to use v2.3.3 osv-scanner image&quot;</li> <li><a href="https://github.com/google/osv-scanner-action/commit/2c222dbe8cbd6baffa4929823c8e5c3ab481d4d0"><code>2c222db</code></a> Merge pull request <a href="https://redirect.github.com/google/osv-scanner-action/issues/115">#115</a> from renovate-bot/renovate/workflows</li> <li><a href="https://github.com/google/osv-scanner-action/commit/115472d53545bb5e00eab96c82d23b16922bc73f"><code>115472d</code></a> chore(deps): update 
github/codeql-action action to v4.31.10</li> <li>See full diff in <a href="https://github.com/google/osv-scanner-action/compare/2a387edfbe02a11d856b89172f6e978100177eb4...c5996e0193a3df57d695c1b8a1dec2a4c62e8730">compare view</a></li> </ul> </details> <br /> Updates `actions/stale` from 10.1.1 to 10.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/stale/releases">actions/stale's releases</a>.</em></p> <blockquote> <h2>v10.2.0</h2> <h2>What's Changed</h2> <h3>Bug Fix</h3> <ul> <li>Fix checking state cache (fix <a href="https://redirect.github.com/actions/stale/issues/1136">#1136</a>) and switch to Octokit helper methods by <a href="https://github.com/itchyny"><code>@​itchyny</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1152">actions/stale#1152</a></li> </ul> <h3>Dependency Updates</h3> <ul> <li>Upgrade js-yaml from 4.1.0 to 4.1.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1304">actions/stale#1304</a></li> <li>Upgrade lodash from 4.17.21 to 4.17.23 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1313">actions/stale#1313</a></li> <li>Upgrade actions/cache from 4.0.3 to 5.0.2 and actions/github from 5.1.1 to 7.0.0 by <a href="https://github.com/chiranjib-swain"><code>@​chiranjib-swain</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1312">actions/stale#1312</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/itchyny"><code>@​itchyny</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1152">actions/stale#1152</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/stale/compare/v10...v10.2.0">https://github.com/actions/stale/compare/v10...v10.2.0</a></p> </blockquote> </details> <details> 
<summary>Commits</summary> <ul> <li><a href="https://github.com/actions/stale/commit/b5d41d4e1d5dceea10e7104786b73624c18a190f"><code>b5d41d4</code></a> build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (<a href="https://redirect.github.com/actions/stale/issues/1313">#1313</a>)</li> <li><a href="https://github.com/actions/stale/commit/dcd2b9469d2220b7e8d08aedc00c105d277fd46b"><code>dcd2b94</code></a> Fix punycode and url.parse Deprecation Warnings (<a href="https://redirect.github.com/actions/stale/issues/1312">#1312</a>)</li> <li><a href="https://github.com/actions/stale/commit/d6f8a33132340b15a7006f552936e4b9b39c00ec"><code>d6f8a33</code></a> build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/actions/stale/issues/1304">#1304</a>)</li> <li><a href="https://github.com/actions/stale/commit/a21a0816299b11691f9592ef0d63d08e02f06d9d"><code>a21a081</code></a> Fix checking state cache (fix <a href="https://redirect.github.com/actions/stale/issues/1136">#1136</a>), also switch to octokit methods (<a href="https://redirect.github.com/actions/stale/issues/1152">#1152</a>)</li> <li>See full diff in <a href="https://github.com/actions/stale/compare/997185467fa4f803885201cee163a9f38240193d...b5d41d4e1d5dceea10e7104786b73624c18a190f">compare view</a></li> </ul> </details> <br /> Updates `actions/ai-inference` from 2.0.5 to 2.0.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/ai-inference/releases">actions/ai-inference's releases</a>.</em></p> <blockquote> <h2>v2.0.7</h2> <h2>What's Changed</h2> <ul> <li>Support passing max_tokens and max_completion_tokens by <a href="https://github.com/GitPaulo"><code>@​GitPaulo</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/173">actions/ai-inference#173</a></li> </ul> <p><strong>Full Changelog</strong>: <a 
href="https://github.com/actions/ai-inference/compare/v2...v2.0.7">https://github.com/actions/ai-inference/compare/v2...v2.0.7</a></p> <h2>v2.0.6</h2> <h2>What's Changed</h2> <ul> <li>Add model parameters temperature and topP to action inputs by <a href="https://github.com/GitPaulo"><code>@​GitPaulo</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/168">actions/ai-inference#168</a></li> <li>chore(deps): bump lodash from 4.17.21 to 4.17.23 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/164">actions/ai-inference#164</a></li> <li>chore(deps): bump <code>@​rollup/rollup-linux-x64-gnu</code> from 4.52.5 to 4.55.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/ai-inference/pull/160">actions/ai-inference#160</a></li> <li>Update deprecated max_tokens to max_completion_tokens by <a href="https://github.com/GitPaulo"><code>@​GitPaulo</code></a> in <a href="https://redirect.github.com/actions/ai-inference/pull/170">actions/ai-inference#170</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/GitPaulo"><code>@​GitPaulo</code></a> made their first contribution in <a href="https://redirect.github.com/actions/ai-inference/pull/168">actions/ai-inference#168</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/ai-inference/compare/v2.0.5...v2.0.6">https://github.com/actions/ai-inference/compare/v2.0.5...v2.0.6</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/ai-inference/commit/e09e65981758de8b2fdab13c2bfb7c7d5493b0b6"><code>e09e659</code></a> Merge pull request <a href="https://redirect.github.com/actions/ai-inference/issues/173">#173</a> from GitPaulo/main</li> <li><a 
href="https://github.com/actions/ai-inference/commit/e608d2ba8af6e9132566ff49c52db2b9e6774eb2"><code>e608d2b</code></a> update dist</li> <li><a href="https://github.com/actions/ai-inference/commit/27965bc3a4dcd3b52d4676bd7b0a73e97b620a30"><code>27965bc</code></a> updated docs for missing prompt.yml model parameters</li> <li><a href="https://github.com/actions/ai-inference/commit/a8bddad5e5ee6e8a62e72a87e9d81c787df47efc">…
2 parents eee4763 + 5261598 commit 9f03117

37 files changed

Lines changed: 63 additions & 63 deletions

.github/workflows/ActionLint.yml

Lines changed: 2 additions & 2 deletions
@@ -36,10 +36,10 @@ jobs:
3636
runs-on: ubuntu-latest
3737
steps:
3838
- name: Harden Runner
39-
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
39+
uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
4040
with:
4141
egress-policy: audit
4242
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
43-
- uses: devops-actions/actionlint@467e2ce19b2310e93c9ffa0b50fe31f86b5a7f23 #v0.1.10
43+
- uses: devops-actions/actionlint@469810fd82c015d3c43815cd2b0e4d02eecc4819 #v0.1.11
4444
continue-on-error: true
4545
id: action-lint
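Review bot: The version comment on the new actionlint pin at line 43 is written `#v0.1.11` with no space after the `#`, while the other pins in this hunk use `# v2.15.0` and `# v6.0.2`. Normalising it to `# v0.1.11` keeps every pin comment matchable with a single pattern when someone audits which tag each SHA is supposed to correspond to.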

.github/workflows/Bandit.yml

Lines changed: 1 addition & 1 deletion
@@ -53,7 +53,7 @@ jobs:
5353
runs-on: ubuntu-latest
5454
steps:
5555
- name: Harden Runner
56-
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
56+
uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
5757
with:
5858
disable-sudo: true
5959
egress-policy: block

.github/workflows/Snake.yml

Lines changed: 1 addition & 1 deletion
@@ -46,7 +46,7 @@ jobs:
4646
steps:
4747
# generates a snake game from a github user (<github_user_name>) contributions graph, output a svg animation at <svg_out_path>
4848
- name: Harden Runner
49-
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
49+
uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
5050
with:
5151
egress-policy: audit
5252

.github/workflows/black-formatter.yml

Lines changed: 1 addition & 1 deletion
@@ -37,7 +37,7 @@ jobs:
3737
steps:
3838
# Step to harden the runner for security purposes
3939
- name: Harden Runner
40-
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
40+
uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
4141
with:
4242
disable-sudo: true # Disable sudo to prevent privilege escalation
4343
egress-policy: block # Block all egress traffic

.github/workflows/codeql.yml

Lines changed: 4 additions & 4 deletions
@@ -66,7 +66,7 @@ jobs:
6666

6767
steps:
6868
- name: Harden Runner
69-
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
69+
uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
7070
with:
7171
egress-policy: audit
7272

@@ -75,7 +75,7 @@ jobs:
7575

7676
# Initializes the CodeQL tools for scanning.
7777
- name: Initialize CodeQL
78-
uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5
78+
uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5
7979
with:
8080
languages: ${{ matrix.language }}
8181
# If you wish to specify custom queries, you can do so here or in a config file.
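Review bot: The trailing comment on the `github/codeql-action/init` pin at line 78 still reads `# v3.29.5` even though the SHA moved from `b20883b` to `89a39a4`, so the comment cannot be accurate for both commits. The autobuild and analyze pins later in this file carry the same unchanged comment. The SHA is what actually runs, so the comment should be updated to the tag that `89a39a4e59826350b863aa6b6252a07ad50cf83e` belongs to; otherwise anyone reading the workflow will misjudge which release is in use.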
@@ -85,7 +85,7 @@ jobs:
8585
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
8686
# If this step fails, then you should remove it and run the build manually (see below)
8787
- name: Autobuild
88-
uses: github/codeql-action/autobuild@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5
88+
uses: github/codeql-action/autobuild@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5
8989

9090
# ℹ️ Command-line programs to run using the OS shell.
9191
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -98,6 +98,6 @@ jobs:
9898
# ./location_of_script_within_repo/buildscript.sh
9999

100100
- name: Perform CodeQL Analysis
101-
uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5
101+
uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5
102102
with:
103103
category: "/language:${{matrix.language}}"

.github/workflows/deno.yml

Lines changed: 1 addition & 1 deletion
@@ -46,7 +46,7 @@ jobs:
4646

4747
steps:
4848
- name: Harden Runner
49-
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
49+
uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
5050
with:
5151
egress-policy: audit
5252

.github/workflows/dependency-review.yml

Lines changed: 2 additions & 2 deletions
@@ -39,11 +39,11 @@ jobs:
3939
runs-on: ubuntu-latest
4040
steps:
4141
- name: Harden Runner
42-
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
42+
uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
4343
with:
4444
egress-policy: audit
4545

4646
- name: "Checkout Repository"
4747
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4848
- name: "Dependency Review"
49-
uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
49+
uses: actions/dependency-review-action@05fe4576374b728f0c523d6a13d64c25081e0803 # v4.8.3

.github/workflows/devskim.yml

Lines changed: 3 additions & 3 deletions
@@ -30,7 +30,7 @@ jobs:
3030
security-events: write
3131
steps:
3232
- name: Harden the runner (Audit all outbound calls)
33-
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
33+
uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
3434
with:
3535
egress-policy: audit
3636

@@ -57,12 +57,12 @@ jobs:
5757
done
5858
5959
- name: Upload DevSkim SARIF as artifact
60-
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
60+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
6161
with:
6262
name: devskim-results
6363
path: devskim-results.sarif
6464

6565
- name: Upload DevSkim scan results to GitHub Security tab
66-
uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5
66+
uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5
6767
with:
6868
sarif_file: devskim-results.sarif
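Review bot: The `actions/upload-artifact` pin at line 60 crosses a major version (`# v6.0.0` to `# v7.0.0`), which is the one change in this hunk that can alter behaviour rather than just pick up fixes. Before merging, check the v7.0.0 release notes against the `name` and `path` inputs used here and confirm the `devskim-results` artifact is still produced by a run on this branch. The `upload-sarif` pin at line 66 also keeps its `# v3.29.5` comment across a SHA change and should be corrected at the same time.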

.github/workflows/eslint.yml

Lines changed: 3 additions & 3 deletions
@@ -44,7 +44,7 @@ jobs:
4444
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
4545
steps:
4646
- name: Harden Runner
47-
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
47+
uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
4848
with:
4949
egress-policy: audit
5050

@@ -72,13 +72,13 @@ jobs:
7272
continue-on-error: true
7373

7474
- name: Upload analysis results to GitHub
75-
uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v2.27.0
75+
uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v2.27.0
7676
with:
7777
sarif_file: eslint-results.sarif
7878
wait-for-processing: true
7979

8080
- name: Upload ESLint SARIF as artifact
81-
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
81+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
8282
with:
8383
name: eslint-results
8484
path: eslint-results.sarif
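Review bot: The `upload-sarif` pin at line 75 labels commit `89a39a4e59826350b863aa6b6252a07ad50cf83e` as `# v2.27.0`, while codeql.yml and devskim.yml label the identical SHA as `# v3.29.5`; one commit cannot be both, so at least one of these comments is wrong. Pick the tag this SHA really corresponds to and use the same comment in every workflow, so the pin comments can be trusted during an audit. The `upload-artifact` change at line 81 is a major bump from v6.0.0 to v7.0.0 and deserves a test run to confirm `eslint-results` is still uploaded.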

.github/workflows/generate-file-list.yml

Lines changed: 2 additions & 2 deletions
@@ -17,7 +17,7 @@ jobs:
1717

1818
steps:
1919
- name: Harden the runner (Audit all outbound calls)
20-
uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
20+
uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
2121
with:
2222
egress-policy: audit
2323

@@ -55,7 +55,7 @@ jobs:
5555
# For example: pip install requests
5656
5757
- name: Run Generate Repo File List Action
58-
uses: nick2bad4u/generate-repo-file-list@f1342075abdb94a6134398776eafce7931fd1444 # main
58+
uses: nick2bad4u/generate-repo-file-list@07b49868e86da4ee6121ea33b3f2beabd87bb87f # main
5959
with:
6060
log-level: "INFO"
6161
directory: "."
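Review bot: The `nick2bad4u/generate-repo-file-list` pin at line 58 is annotated `# main` on both the old and new SHA, meaning this bump follows a branch head rather than a tagged release and there are no release notes to review. For a third-party action pinned this way, the diff between `f1342075abdb94a6134398776eafce7931fd1444` and `07b49868e86da4ee6121ea33b3f2beabd87bb87f` is the only record of what changed and should be read before merging. If the action publishes tags, pinning to a tagged release SHA with the tag in the comment would make future bumps reviewable.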
