chore(deps): bump the github-actions group with 17 updates

[dependabot]

Bumps the github-actions group with 17 updates:

Package	From	To
step-security/harden-runner	2.14.0	2.14.1
actions/checkout	6.0.1	6.0.2
psf/black	25.12.0	26.1.0
github/codeql-action	4.31.9	4.32.0
actions/cache	5.0.1	5.0.3
actions/setup-python	6.1.0	6.2.0
nick2bad4u/generate-repo-file-list	0b66b048983ecaef45cb1bc7acc6c81e1d210de7	f1342075abdb94a6134398776eafce7931fd1444
oxsecurity/megalinter	9.2.0	9.3.0
google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml	2.3.1	2.3.2
google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml	2.3.1	2.3.2
actions/setup-node	6.1.0	6.2.0
peter-evans/create-pull-request	8.0.0	8.1.0
rojopolis/spellcheck-github-actions	0.56.0	0.58.0
actions/ai-inference	2.0.4	2.0.5
super-linter/super-linter	8.3.2	8.4.0
trufflesecurity/trufflehog	3.92.4	3.92.5
crate-ci/typos	1.41.0	1.42.3

Updates step-security/harden-runner from 2.14.0 to 2.14.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.14.1

What's Changed

1. In some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers.

2. Fixed npm audit vulnerabilities

Full Changelog: step-security/harden-runner@v2.14.0...v2.14.1

Commits

• e3f713f Merge pull request #631 from step-security/rc-31
• 423acdd chore: fix npm audit vulnerabilities
• 0ddb86c update agent
• See full diff in compare view

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @​TingluoHuang in actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

... (truncated)

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• See full diff in compare view

Updates psf/black from 25.12.0 to 26.1.0

Release notes

Sourced from psf/black's releases.

26.1.0

Highlights

Introduces the 2026 stable style (#4892), stabilizing the following changes:

• always_one_newline_after_import: Always force one blank line after import statements, except when the line after the import is a comment or an import statement (#4489)
• fix_fmt_skip_in_one_liners: Fix # fmt: skip behavior on one-liner declarations, such as def foo(): return "mock" # fmt: skip, where previously the declaration would have been incorrectly collapsed (#4800)
• fix_module_docstring_detection: Fix module docstrings being treated as normal strings if preceded by comments (#4764)
• fix_type_expansion_split: Fix type expansions split in generic functions (#4777)
• multiline_string_handling: Make expressions involving multiline strings more compact (#1879)
• normalize_cr_newlines: Add \r style newlines to the potential newlines to normalize file newlines both from and to (#4710)
• remove_parens_around_except_types: Remove parentheses around multiple exception types in except and except* without as (#4720)
• remove_parens_from_assignment_lhs: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
• standardize_type_comments: Format type comments which have zero or more spaces between # and type: or between type: and value to # type: (value) (#4645)

The following change was not in any previous stable release:

• Regenerated the _width_table.py and added tests for the Khmer language (#4253)

This release alo bumps pathspec to v1 and fixes inconsistencies with Git's .gitignore logic (#4958). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format exclude/not_this/foo.py with this .gitignore:

exclude/
!exclude/not_this/

Now, exclude/not_this/foo.py will remain ignored. To ensure exclude/not_this/ and all of it's children are included in formatting (and in Git), use this .gitignore:

*/exclude/*
!*/exclude/not_this/

This new behavior matches Git. The leading */ are only necessary if you wish to ignore matching subdirectories (like the previous behavior did), and not just matching root

... (truncated)

Changelog

Sourced from psf/black's changelog.

Change Log

Unreleased

Highlights

Stable style

• Don't double-decode input, causing non-UTF-8 files to be corrupted (#4964)

Preview style

• Fix string_processing crashing on unassigned long string literals with trailing commas (one-item tuples) (#4929)
• Simplify implementation of the power operator "hugging" logic (#4918)

Configuration

Packaging

• Fix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in frozen environments (#4930)

Parser

Performance

Output

Blackd

... (truncated)

Commits

• 6305bf1 Prepare 2026.1.0 release (#4892)
• e71305b Bump pypa/cibuildwheel from 3.3.0 to 3.3.1 (#4961)
• 21a2a8c Fix Shutdown multiprocessing Manager in schedule_formatting (#4952)
• e3146ce Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#4919)
• fe1fbc4 Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#4923)
• 2b4b7fc Bump actions/download-artifact from 6.0.0 to 7.0.0 (#4922)
• d745be6 docs: document --force-exclude for pre-commit workflows (#4957)
• b41acd6 Various CI and doc refactors (#4928)
• 6f43612 Handle pathspec v1 changes (#4958)
• 200c550 Bump furo from 2025.9.25 to 2025.12.19 in /docs (#4933)
• Additional commits viewable in compare view

Updates github/codeql-action from 4.31.9 to 4.32.0

Release notes

Sourced from github/codeql-action's releases.

v4.32.0

• Update default CodeQL bundle version to 2.24.0. #3425

v4.31.11

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
• Improved error handling throughout the CodeQL Action. #3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

v4.31.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.10 - 12 Jan 2026

• Update default CodeQL bundle version to 2.23.9. #3393

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.32.0 - 26 Jan 2026

• Update default CodeQL bundle version to 2.24.0. #3425

4.31.11 - 23 Jan 2026

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
• Improved error handling throughout the CodeQL Action. #3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

4.31.10 - 12 Jan 2026

• Update default CodeQL bundle version to 2.23.9. #3393

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.

... (truncated)

Commits

• b20883b Merge pull request #3428 from github/update-v4.32.0-e3b8227a2
• c9aa45d Update changelog for v4.32.0
• e3b8227 Merge pull request #3427 from github/henrymercer/bump-for-new-minor-series
• 8a01181 Compare minor version number
• 80e1425 Bump minor version for CLI v2.24.0
• b748848 Bump the Action minor version number on new CodeQL minor version series
• 5e767ef Merge pull request #3425 from github/update-bundle/codeql-bundle-v2.24.0
• 9752869 Add changelog note
• c62c214 Update default bundle to codeql-bundle-v2.24.0
• 25a224b Merge pull request #3423 from github/mbg/ci/yq-windows
• Additional commits viewable in compare view

Updates actions/cache from 5.0.1 to 5.0.3

Release notes

Sourced from actions/cache's releases.

v5.0.3

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v.5.0.2

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

• Bump @actions/cache to v5.0.3 #1692

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/[email protected] #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

• Bump @actions/cache to v4.1.0

... (truncated)

Commits

• cdf6c1f Merge pull request #1695 from actions/Link-/prepare-5.0.3
• a1bee22 Add review for the @​actions/http-client license
• 4695763 Add licensed output
• dc73bb9 Upgrade dependencies and address security warnings
• 345d5c2 Add 5.0.3 builds
• 8b402f5 Merge pull request #1692 from GhadimiR/main
• 304ab5a license for httpclient
• 609fc19 Update licensed record for cache
• b22231e Build
• 93150cd Add PR link to releases
• Additional commits viewable in compare view

Updates actions/setup-python from 6.1.0 to 6.2.0

Release notes

Sourced from actions/setup-python's releases.

v6.2.0

What's Changed

Dependency Upgrades

• Upgrade dependencies to Node 24 compatible versions by @​salmanmkc in actions/setup-python#1259
• Upgrade urllib3 from 2.5.0 to 2.6.3 in /__tests__/data by @​dependabot in actions/setup-python#1253 and actions/setup-python#1264

Full Changelog: actions/setup-python@v6...v6.2.0

Commits

• a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
• bfe8cc5 Upgrade @​actions dependencies to Node 24 compatible versions (#1259)
• 4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
• See full diff in compare view

Updates nick2bad4u/generate-repo-file-list from 0b66b048983ecaef45cb1bc7acc6c81e1d210de7 to f1342075abdb94a6134398776eafce7931fd1444

Commits

• f134207 Merge PR #39
• d174067 Bump the github-actions group with 7 updates
• See full diff in compare view

Updates oxsecurity/megalinter from 9.2.0 to 9.3.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.3.0

What's Changed

• Core

  • Add enum name support in MegaLinter config Json schema for better autocompletion in editors
  • Update base image to python:3.13-alpine3.23

• New linters

  • Add codespell
  • Add kingfisher by @​bdovaz
  • Add rumdl by @​bdovaz

• Linters enhancements

  • Change checkmake Docker image reference by @​bdovaz

• Reporters

  • Handle multiple MegaLinter runs on the same repo using custom value sent in variable MEGALINTER_MULTIRUN_KEY
  • Allow to override url to CI build in Git based reporters using REPORTERS_ACTION_RUN_URL variable
  • Fix sections display in Gitlab console logs

• Doc

  • Classify all JSON schema config variables by category and section

• CI

  • Free disk space on GitHub actions runner when releasing a new flavor
  • Add missing Dockerfile patterns to Renovate Dockerfile manager
  • Remove gitpod custom image, workflow, and makefile targets

• Linter versions upgrades (54)

  • actionlint from 1.7.9 to 1.7.10
  • ansible-lint from 25.11.1 to 25.12.2
  • bash-exec from 5.2.37 to 5.3.3
  • black from 25.11.0 to 25.12.0
  • cfn-lint from 1.41.0 to 1.43.1
  • checkov from 3.2.495 to 3.2.497
  • clang-format from 20.1.8 to 21.1.2
  • clippy from 0.1.91 to 0.1.92
  • clj-kondo from 2025.10.23 to 2025.12.23
  • code-analyzer-apex from 5.6.1 to 5.7.1
  • code-analyzer-aura from 5.6.1 to 5.7.1
  • code-analyzer-lwc from 5.6.1 to 5.7.1
  • cppcheck from 2.14.2 to 2.18.3
  • csharpier from 1.2.1 to 1.2.5
  • cspell from 9.3.2 to 9.4.0
  • dartanalyzer from 3.8.3 to 3.10.7
  • dotnet-format from 9.0.111 to 9.0.112
  • git_diff from 2.49.1 to 2.52.0
  • golangci-lint from 2.6.2 to 2.7.2
  • grype from 0.104.1 to 0.104.3
  • helm from 3.18.4 to 3.19.0

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

• Core

  • Improve files browsing performances
  • Optimize parallel linter processing and improve grouping logic
  • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
  • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances

• New linters

• Disabled linters

  • LUA_SELENE: Kampfkarren/selene#662

• Deprecated linters

• Removed linters

• Media

• Linters enhancements

  • Use the official checkmake image by @​bdovaz
  • Add sarif support to spectral by @​bdovaz

• Fixes

  • Add support for SSH remote origins when building custom flavors (fixes: #6511)
  • Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
  • Fix wrong tagging apply_fixes=True when linter has no fix options configured
  • Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904

• Reporters

  • Add a link inviting to star MegaLinter
  • Display in the console reporter the working directory from which the commands are executed by @​bdovaz
  • Update WebHook reporter so it can send more events for a better integration with UI
  • When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)

• Doc

  • JSON Schema: add default values for file extensions and file names variables + improve descriptions
  • Update default secured env variables documentation

• Flavors

• CI

... (truncated)

Commits

• 42bb470 Release MegaLinter v9.3.0
• fe74938 changelog
• edb083a [automation] Auto-update linters version, help and documentation (#6889)
• 824240c JSON Schema fix (#6888)
• 9af8d5b chore(deps): update dependency npm-package-json-lint to v9.1.0 (#6883)
• 781c95c [automation] Auto-update linters version, help and documentation (#6885)
• 101b802 JSON Schema (#6887)
• 3ab7a93 chore(deps): update dependency friendsofphp/php-cs-fixer to v3.92.4 (#6886)
• 12f7c03 chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.9.21 (#6882)
• 91a9dfb chore(deps): update dependency sfdx-hardis to v6.20.0 (#6884)
• Additional commits viewable in compare view

Updates google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml from 2.3.1 to 2.3.2

Release notes

Sourced from google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml's releases.

v2.3.2

This updates OSV-Scanner to v2.3.2

This release includes performance improvements for local scanning, reducing memory usage and avoiding unnecessary advisory loading. It also fixes issues with MCP's get_vulnerability_details tool, git queries in osv-scanner.json, and ignore entry tracking, along with documentation updates.

Fixes:

• [Bug #2415](google/osv-scanner#2415) Add more PURL-to-ecosystem mappings
• [Bug #2422](google/osv-scanner#2422) MCP error for get_vulnerability_id because type definition is incorrect.
• [Bug #2460](google/osv-scanner#2460) Enable osv-scanner.json git queries
• [Bug #2456](google/osv-scanner#2456) Properly track if an ignore entry has been used
• [Bug #2450](google/osv-scanner#2450) Performance: Avoid loading the entire advisory unless it will actually be used
• [Bug #2445](google/osv-scanner#2445) Performance: Don't read the entire zip into memory
• [Bug #2433](google/osv-scanner#2433) Allow specifying user agent in v2 osvscanner package

Misc:

• [Misc #2453](google/osv-scanner#2453) Switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3
• [Misc #2447](google/osv-scanner#2447) Include bun.lock as a supported lockfile
• [Misc #2444](google/osv-scanner#2444) Document GoVersionOverride in configuration.md

Full Changelog: google/osv-scanner@v2.3.1...v2.3.2

Commits

• 2a387ed Merge pull request #116 from google/update-to-v2.3.2
• f75042f Update unified workflow example to point to v2.3.2 reusable workflows
• 17ad728 Update reusable workflows to point to v2.3.2 actions
• 9eebeae "Update actions to use v2.3.2 osv-scanner image"
• dcf7b89 Merge pull request #114 from renovate-bot/renovate/major-workflows
• 6bcc4fa Merge pull request #113 from renovate-bot/renovate/workflows
• 70f7395 chore(deps): update github/codeql-action action to v4.31.9
• 7c3c2a7 chore(deps): update workflows
• a239d86 Merge pull request #109 from renovate-bot/renovate/major-workflows
• 5345c88 chore(deps): update actions/checkout action to v6
• See full diff in compare view

Updates google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml from 2.3.1 to 2.3.2

Release notes

Sourced from google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml's releases.

v2.3.2

This updates OSV-Scanner to v2.3.2

This release includes performance improvements for local scanning, reducing memory usage and avoiding unnecessary advisory loading. It also fixes issues with MCP's get_vulnerability_details tool, git queries in osv-scanner.json, and ignore entry tracking, along with documentation updates.

Fixes:

• [Bug #2415](google/osv-scanner#2415) Add more PURL-to-ecosystem mappings
• [Bug #2422](google/osv-scanner#2422) MCP error for get_vulnerability_id because type definition is incorrect.
• [Bug #2460](google/osv-scanner#2460) Enable osv-scanner.json git queries
• [Bug #2456](google/osv-scanner#2456) Properly track if an ignore entry has been used
• [Bug #2450](google/osv-scanner#2450) Performance: Avoid loading the entire advisory unless it will actually be used
• [Bug #2445](google/osv-scanner#2445) Performance: Don't read the entire zip into memory
• [Bug #2433](google/osv-scanner#2433) Allow specifying user agent in v2 osvscanner package

Misc:

• [Misc #2453](google/osv-scanner#2453) Switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3
• [Misc #2447](google/osv-scanner#2447) Include bun.lock as a supported lockfile
• [Misc #2444](google/osv-scanner#2444) Document GoVersionOverride in configuration.md

Full Changelog: google/osv-scanner@v2.3.1...v2.3.2

Commits

• 2a387ed Merge pull request #116 from google/update-to-v2.3.2
• f75042f Update unified workflow example to point to v2.3.2 reusable workflows
• 17ad728 Update reusable workflows to point to v2.3.2 actions
• 9eebeae "Update actions to use v2.3.2 osv-scanner image"
• dcf7b89 Merge pull request #114 from renovate-bot/renovate/major-workflows
• 6bcc4fa Merge pull request #113 from renovate-bot/renovate/workflows
• 70f7395 chore(deps): update github/codeql-action action to v4.31.9
• 7c3c2a7 chore(deps): update workflows
• a239d86 Merge pull request #109 from renovate-bot/renovate/major-workflows
• 5345c88 chore(deps): update actions/checkout action to v6
• See full diff in compare view

Updates actions/setup-node from 6.1.0 to 6.2.0

Release notes

Sourced from actions/setup-node's releases.

v6.2.0

What's Changed

Documentation

• Documentation update related to absence of Lockfile by @​mahabaleshwars in actions/setup-node#1454
• Correct mirror option typos by @​MikeMcC399 in actions/setup-node#1442
• Readme update on checkout version v6 by @​deining in actions/setup-node#1446
• Readme typo fixes @​munyari in actions/setup-node#1226
• Advanced document update on checkout version v6 by @​aparnajyothi-y in actions/setup-node#1468

Dependency updates:

• Upgrade @​actions/cache to v5.0.1 by @​salmanmkc in actions/setup-node#1449

New Contributors

• @​mahabaleshwars made their first contribution in actions/setup-node#1454
• @​MikeMcC399 made their first contribution in actions/setup-node#1442
• @​deining made their first contribution in actions/setup-node#1446
• @​munyari made their first contribution in actions/setup-node#1226

Full Changelog: actions/setup-node@v6...v6.2.0

Commits

• 6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
• 8e49463 Fix README typo (#1226)
• 621ac41 README.md: bump to latest released checkout version v6 (#1446)
• 2951748 Bump @​actions/cache to v5.0.1 (#1449)
• 21ddc7b Correct mirror option typos (#1442)
• 65d868f Update Documentation for Lockfile (#1454)
• See full diff in compare view

Updates peter-evans/create-pull-request from 8.0.0 to 8.1.0

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v8.1.0

What's Changed

• README.md: bump given GitHub actions to their latest versions by @​deining in peter-evans/create-pull-request#4265
• build(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4273
• build(deps-dev): bump the npm group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4274
• build(deps-dev): bump undici from 6.22.0 to 6.23.0 by @​dependabot[bot] in peter-evans/create-pull-request#4284
• Update distribution by @​actions-bot in peter-evans/create-pull-request#4289
• fix: Handle remote prune failures gracefully on self-hosted runners by @​peter-evans in peter-evans/create-pull-request#4295
• feat: add @​octokit/plugin-retry to handle retriable server errors by @​peter-evans in peter-evans/create-pull-request#4298

New Contributors

• @​deining made their first contribution in

[dependabot]

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[Nick2bad4u]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud