chore(deps): bump the github-actions group with 15 updates

[dependabot]

Bumps the github-actions group with 15 updates:

Package	From	To
step-security/harden-runner	2.14.1	2.15.0
devops-actions/actionlint	0.1.10	0.1.11
github/codeql-action	4.32.0	4.32.4
actions/dependency-review-action	4.8.2	4.8.3
actions/upload-artifact	6.0.0	7.0.0
nick2bad4u/generate-repo-file-list	f1342075abdb94a6134398776eafce7931fd1444	07b49868e86da4ee6121ea33b3f2beabd87bb87f
oxsecurity/megalinter	9.3.0	9.4.0
oke-py/npm-audit-action	3.0.0	4.0.1
google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml	2.3.2	2.3.3
google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml	2.3.2	2.3.3
actions/stale	10.1.1	10.2.0
actions/ai-inference	2.0.5	2.0.7
super-linter/super-linter	8.4.0	8.5.0
trufflesecurity/trufflehog	3.92.5	3.93.6
crate-ci/typos	1.42.3	1.44.0

Updates step-security/harden-runner from 2.14.1 to 2.15.0

Release notes

Sourced from step-security/harden-runner's releases.

v2.15.0

What's Changed

Windows and macOS runner support

We are excited to announce that Harden Runner now supports Windows and macOS runners, extending runtime security beyond Linux for the first time.

Insights for Windows and macOS runners will be displayed in the same consistent format you are already familiar with from Linux runners, giving you a unified view of runtime activity across all platforms.

Full Changelog: step-security/harden-runner@v2.14.2...v2.15.0

v2.14.2

What's Changed

Security fix: Fixed a medium severity vulnerability where outbound network connections using sendto, sendmsg, and sendmmsg socket system calls could bypass audit logging when using egress-policy: audit. This issue only affects the Community Tier in audit mode; block mode and Enterprise Tier were not affected. See GHSA-cpmj-h4f6-r6pq for details.

Full Changelog: step-security/harden-runner@v2.14.1...v2.14.2

Commits

• a90bcbc Update readme (#637)
• f0a59d8 Release v2.15.0 (#639)
• 5ef0c07 Merge pull request #635 from step-security/rc-34
• eb43c7b update agent
• See full diff in compare view

Updates devops-actions/actionlint from 0.1.10 to 0.1.11

Release notes

Sourced from devops-actions/actionlint's releases.

Release v0.1.11

What's Changed

• Update actionlint version to 1.7.11 by @​github-actions[bot] in devops-actions/actionlint#161

Dependency updates (GitHub Actions)

• Bump github/codeql-action from 4.31.2 to 4.31.6 by @​dependabot[bot] in devops-actions/actionlint#127
• Bump actions/dependency-review-action from 4.8.1 to 4.8.2 by @​dependabot[bot] in devops-actions/actionlint#125
• Bump actions/checkout from 5.0.0 to 6.0.0 by @​dependabot[bot] in devops-actions/actionlint#123
• Bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in devops-actions/actionlint#122
• Bump github/codeql-action from 4.31.6 to 4.31.7 by @​dependabot[bot] in devops-actions/actionlint#137
• Bump actions/checkout from 6.0.0 to 6.0.1 by @​dependabot[bot] in devops-actions/actionlint#136
• Bump step-security/harden-runner from 2.13.2 to 2.13.3 by @​dependabot[bot] in devops-actions/actionlint#135
• Bump actions/upload-artifact from 5.0.0 to 6.0.0 by @​dependabot[bot] in devops-actions/actionlint#140
• Bump jessehouwing/actions-semver-checker from 1.0.7 to 1.0.8 by @​dependabot[bot] in devops-actions/actionlint#142
• Bump github/codeql-action from 4.31.7 to 4.31.8 by @​dependabot[bot] in devops-actions/actionlint#141
• Bump step-security/harden-runner from 2.13.3 to 2.14.0 by @​dependabot[bot] in devops-actions/actionlint#139
• Bump github/codeql-action from 4.31.8 to 4.31.9 by @​dependabot[bot] in devops-actions/actionlint#143
• Bump devops-actions/issue-comment-tag from 0.1.8 to 0.1.9 by @​dependabot[bot] in devops-actions/actionlint#152
• Bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in devops-actions/actionlint#153
• Bump jessehouwing/actions-semver-checker from 1.0.8 to 1.0.9 by @​dependabot[bot] in devops-actions/actionlint#155
• Bump step-security/harden-runner from 2.14.0 to 2.14.1 by @​dependabot[bot] in devops-actions/actionlint#154
• Bump jessehouwing/actions-semver-checker from 1.0.9 to 2.0.3 by @​dependabot[bot] in devops-actions/actionlint#156
• Bump step-security/harden-runner from 2.14.1 to 2.14.2 by @​dependabot[bot] in devops-actions/actionlint#157
• Bump jessehouwing/actions-semver-checker from 2.0.3 to 2.0.4 by @​dependabot[bot] in devops-actions/actionlint#159

Other Changes

• Add reusable actions-dependencies workflow by @​rajbos in devops-actions/actionlint#128
• Add reusable issue-pr-tag workflow by @​rajbos in devops-actions/actionlint#129
• Update actionlint version to 1.7.9 by @​github-actions[bot] in devops-actions/actionlint#126
• Add top-level permissions to issue-pr-tag workflow by @​rajbos in devops-actions/actionlint#130
• Add top-level permissions: contents: read to all workflows by @​rajbos in devops-actions/actionlint#131
• add top level permissions by @​rajbos in devops-actions/actionlint#132
• Update actionlint version to 1.7.9 by @​github-actions[bot] in devops-actions/actionlint#138
• Standardize dependency-review workflow to use reusable workflow by @​rajbos in devops-actions/actionlint#146
• Standardize workflows to use reusable workflows from .github repo by @​rajbos in devops-actions/actionlint#145
• Add release notes categories by @​rajbos in devops-actions/actionlint#150
• Fix update-actionlint workflow failing on repeated runs by @​Copilot in devops-actions/actionlint#160

Full Changelog: devops-actions/actionlint@v0.1.10...v0.1.11

Commits

• 469810f Update actionlint version to 1.7.11 (#161)
• 16325c3 Fix update-actionlint workflow failing on repeated runs (#160)
• 1911209 Merge pull request #159 from devops-actions/dependabot/github_actions/jesseho...
• 0a8db88 Bump jessehouwing/actions-semver-checker from 2.0.3 to 2.0.4
• be93a3d Bump step-security/harden-runner from 2.14.1 to 2.14.2 (#157)
• 7e2800d Merge pull request #156 from devops-actions/dependabot/github_actions/jesseho...
• 4cb1ad0 Bump jessehouwing/actions-semver-checker from 1.0.9 to 2.0.3
• 191d0bc Bump step-security/harden-runner from 2.14.0 to 2.14.1 (#154)
• 9b61223 Merge pull request #155 from devops-actions/dependabot/github_actions/jesseho...
• 6154f0a Bump jessehouwing/actions-semver-checker from 1.0.8 to 1.0.9
• Additional commits viewable in compare view

Updates github/codeql-action from 4.32.0 to 4.32.4

Release notes

Sourced from github/codeql-action's releases.

v4.32.4

• Update default CodeQL bundle version to 2.24.2. #3493
• Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #3473
• When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #3486
• Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #3485
• Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. #3484

v4.32.3

• Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

v4.32.2

• Update default CodeQL bundle version to 2.24.1. #3460

v4.32.1

• A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
• Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.32.4 - 20 Feb 2026

• Update default CodeQL bundle version to 2.24.2. #3493
• Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #3473
• When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #3486
• Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #3485
• Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. #3484

4.32.3 - 13 Feb 2026

• Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

4.32.2 - 05 Feb 2026

• Update default CodeQL bundle version to 2.24.1. #3460

4.32.1 - 02 Feb 2026

• A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
• Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

4.32.0 - 26 Jan 2026

• Update default CodeQL bundle version to 2.24.0. #3425

4.31.11 - 23 Jan 2026

• When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
• Improved error handling throughout the CodeQL Action. #3415
• Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
• The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

4.31.10 - 12 Jan 2026

• Update default CodeQL bundle version to 2.23.9. #3393

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

... (truncated)

Commits

• 89a39a4 Merge pull request #3494 from github/update-v4.32.4-39ba80c47
• e5d84c8 Apply remaining review suggestions
• 0c20209 Apply suggestions from code review
• 314172e Fix typo
• cdda72d Add changelog entries
• cfda84c Update changelog for v4.32.4
• 39ba80c Merge pull request #3493 from github/update-bundle/codeql-bundle-v2.24.2
• 00150da Add changelog note
• d97dce6 Update default bundle to codeql-bundle-v2.24.2
• 50fdbb9 Merge pull request #3492 from github/henrymercer/new-repository-properties-ff
• Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.8.2 to 4.8.3

Release notes

Sourced from actions/dependency-review-action's releases.

4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

• GitHub Actions can't push to our protected main by @​dangoor in actions/dependency-review-action#1017
• Bump actions/stale from 9.1.0 to 10.1.0 by @​dependabot[bot] in actions/dependency-review-action#995
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in actions/dependency-review-action#1003
• Bump actions/setup-node from 4 to 6 by @​dependabot[bot] in actions/dependency-review-action#1005
• Upgrade glob to address a vulnerability by @​brrygrdn in actions/dependency-review-action#1024
• Bump js-yaml by @​dependabot[bot] in actions/dependency-review-action#1020
• Addressing vulnerabilities by @​Ahmed3lmallah in actions/dependency-review-action#1036
• Bump fast-xml-parser from 5.3.3 to 5.3.5 by @​dependabot[bot] in actions/dependency-review-action#1050
• Bump fast-xml-parser from 5.3.5 to 5.3.6 by @​dependabot[bot] in actions/dependency-review-action#1053
• Properly truncate long summaries and catch errors by @​juxtin in actions/dependency-review-action#1052
• Bump spdx-expression-parse from 3.0.1 to 4.0.0 in the spdx-licenses group across 1 directory by @​dependabot[bot] in actions/dependency-review-action#931
• Changes for Release 4.8.3 by @​ahpook in actions/dependency-review-action#1054

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

Commits

• 05fe457 Merge pull request #1054 from actions/ahpook/release-4.8.3
• 3a8496c Update generated package files for v4.8.3
• 0f22a01 Update CONTRIBUTING for new release process
• 58be343 Updating package versions for 4.8.3
• 9284e0c Merge pull request #931 from actions/dependabot/npm_and_yarn/spdx-licenses-20...
• 8b76656 Bump spdx-expression-parse in the spdx-licenses group across 1 directory
• 43f5f02 Merge pull request #1052 from actions/juxtin/fix-long-summaries
• f0033fc Merge pull request #1053 from actions/dependabot/npm_and_yarn/fast-xml-parser...
• b379e2e Bump fast-xml-parser from 5.3.5 to 5.3.6
• 2e1cf54 Properly truncate long summaries and catch errors
• Additional commits viewable in compare view

Updates actions/upload-artifact from 6.0.0 to 7.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in actions/upload-artifact#754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in actions/upload-artifact#762
• Support direct file uploads by @​danwkennedy in actions/upload-artifact#764

New Contributors

• @​Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

• bbbca2d Support direct file uploads (#764)
• 589182c Upgrade the module to ESM and bump dependencies (#762)
• 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
• 02a8460 Add proxy integration test
• See full diff in compare view

Updates nick2bad4u/generate-repo-file-list from f1342075abdb94a6134398776eafce7931fd1444 to 07b49868e86da4ee6121ea33b3f2beabd87bb87f

Commits

• 07b4986 Merge PR #40
• 7633960 Merge PR #41
• 6f00b75 Bump the github-actions group with 6 updates
• 0fa4e2b Bump tqdm from 4.67.1 to 4.67.2 in the github-actions group
• See full diff in compare view

Updates oxsecurity/megalinter from 9.3.0 to 9.4.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.4.0

What's Changed

• Core

  • Improve files browsing performances (2 PRs)
  • Optimize parallel linter processing and improve grouping logic
  • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
  • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
  • Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
  • Cache subprocess environment per linter run and excluded directories per request
  • Optimize parallel linter result update from O(n²) to O(n)
  • Add support in the build of Docker images for linux/arm64 in compatible linters

• New linters

  • Add PYTHON_NBQA_MYPY for type-checking Jupyter notebooks using nbqa + mypy

• Disabled linters

  • LUA_SELENE: Kampfkarren/selene#662

• Linters enhancements

  • Use the official checkmake image by @​bdovaz
  • Spectral: Add sarif support to spectral by @​bdovaz
  • Spectral: Change cli_lint_mode to list_of_files to improve performances

• Fixes

  • Add support for SSH remote origins when building custom flavors (fixes: #6511)
  • Fix issue with plugins ignored when FLAVOR_SUGGESTIONS=false
  • Fix wrong tagging apply_fixes=True when linter has no fix options configured
  • Python mypy: Remove .ipynb from file extensions (mypy doesn't support notebooks directly) - fixes #6904
  • Fix operator precedence bug in pre_post_factory pre/post command logic
  • Fix file handle leak in GitleaksLinter
  • Fix variable name bug in utils.get_git_context_info
  • Minor fixes in logger, SqlFluffLinter, PowershellLinter, TrivyLinter

• Reporters

  • Add a link inviting to star MegaLinter
  • Display in the console reporter the working directory from which the commands are executed by @​bdovaz
  • Update WebHook reporter so it can send more events for a better integration with UI
  • When truncating long comments in markdown reports, keep the end of the text instead of the beginning (which usually contains less useful information)
  • In case GitHub Api returns 500, do not make the whole MegaLinter fail, display a warning instead
  • Azure Reporter: Use Azure DevOps Services REST API instead of unmaintained python wrapper lib

• Flavors

  • Custom flavor builder:
    • Add support for SSH remotes
    • Allow selection of platforms to build the custom flavor on (ex: linux/amd64, linux/arm64) and build compatible linters on these platforms
    • Build & release custom flavor builder image for linux/arm64

• Doc

  • JSON Schema: Add default values for file extensions and file names variables + improve descriptions

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

• Core

• New linters

• Disabled linters

• Deprecated linters

• Removed linters

• Media

• Linters enhancements

• Fixes

• Reporters

• Flavors

• Doc

• CI

• mega-linter-runner

• Linter versions upgrades (N)

  • isort from 8.0.0 to 8.0.1 on 2026-02-28

[v9.4.0] - 2026-02-28

• Core
  • Improve files browsing performances (2 PRs)
  • Optimize parallel linter processing and improve grouping logic
  • Improve performance of listing .gitignored files by sending excluded directories to git ls-files
  • If there are more than 500 .gitignored files, advise to add more excluded directories using variable ADDITIONAL_EXCLUDED_DIRECTORIES, to improve performances
  • Reduce redundant config lookups, environment copies, and dict rebuilds across config, linter, and utils modules
  • Cache subprocess environment per linter run and excluded directories per request
  • Optimize parallel linter result update from O(n²) to O(n)

... (truncated)

Commits

• 8fbdead Release MegaLinter v9.4.0
• 9f605c4 Fix custom flavor builder workflow (#7306)
• b7dcb60 Update changelog to prepare release (#7304)
• 3077b04 chore(deps): update dependency regex to v2026.2.28 (#7303)
• edba876 [automation] Auto-update linters version, help and documentation (#7299)
• 07fb84d chore(deps): update dependency python-gitlab to v8.1.0 (#7302)
• 4d42e33 chore(deps): update dependency fastapi to v0.134.0 (#7301)
• 649726c chore(deps): update dependency rumdl to v0.1.32 (#7300)
• 768b5a3 chore(deps): update dependency virtualenv to v21.1.0 (#7298)
• 7e73a76 chore(deps): update dependency eslint-plugin-jsonc to v3 (#7260)
• Additional commits viewable in compare view

Updates oke-py/npm-audit-action from 3.0.0 to 4.0.1

Release notes

Sourced from oke-py/npm-audit-action's releases.

v4.0.1

What's Changed

Other Changes

• chore(deps): bump vite to 7.3.1 by @​oke-py in oke-py/npm-audit-action#310
• refactor(input): use getBooleanInput and trim inputs by @​oke-py in oke-py/npm-audit-action#311
• refactor(workdir): centralize input normalization by @​oke-py in oke-py/npm-audit-action#312
• test(coverage): exclude fixtures and tests by @​oke-py in oke-py/npm-audit-action#313
• refactor(input): centralize input parsing by @​oke-py in oke-py/npm-audit-action#314
• refactor(pr): extract pull request handling by @​oke-py in oke-py/npm-audit-action#315
• refactor(issue): extract issue handling by @​oke-py in oke-py/npm-audit-action#316
• chore: add husky hooks for biome and tests by @​oke-py in oke-py/npm-audit-action#317
• chore(release): unify release flow and set v4.0.1 by @​oke-py in oke-py/npm-audit-action#318

Full Changelog: oke-py/npm-audit-action@v4...v4.0.1

v4.0.0

Summary

• major release v4.0.0
• update runtime from node20 to node24
• update dependencies

Changes

• version bump to 4.0.0
• update README and workflows to use v4

Commits

• f02a3cf Merge pull request #318 from oke-py/chore/release-flow
• ec06595 docs: unify release process
• 3caf7bb chore(release): drop PR label bump and set v4.0.1
• c121642 Merge pull request #317 from oke-py/chore/husky-biome
• 69ef773 fix(deps): dedupe husky and lint-staged
• 11ac110 chore: add husky hooks for biome and tests
• b74e8be chore: update dist [skip ci]
• 7ed8760 Merge pull request #316 from oke-py/chore/issue-handler
• 34b44fd refactor(issue): extract issue handling
• f5aee93 chore: update dist [skip ci]
• Additional commits viewable in compare view

Updates google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml from 2.3.2 to 2.3.3

Release notes

Sourced from google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml's releases.

v2.3.3

This updates OSV-Scanner to v2.3.3.

What's Changed

• chore(deps): update github/codeql-action action to v4.31.10 by @​renovate-bot in google/osv-scanner-action#115
• Update to v2.3.3 by @​Ly-Joey in google/osv-scanner-action#118

New Contributors

• @​Ly-Joey made their first contribution in google/osv-scanner-action#118

Full Changelog: google/osv-scanner-action@v2.3.2...v2.3.3

Commits

• c5996e0 Merge pull request #118 from google/update-to-v2.3.3
• f4fac92 Update unified workflow example to point to v2.3.3 reusable workflows
• 8ae4be8 Update reusable workflows to point to v2.3.3 actions
• 8018483 "Update actions to use v2.3.3 osv-scanner image"
• 2c222db Merge pull request #115 from renovate-bot/renovate/workflows
• 115472d chore(deps): update github/codeql-action action to v4.31.10
• See full diff in compare view

Updates google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml from 2.3.2 to 2.3.3

Release notes

Sourced from google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml's releases.

v2.3.3

This updates OSV-Scanner to v2.3.3.

What's Changed

• chore(deps): update github/codeql-action action to v4.31.10 by @​renovate-bot in google/osv-scanner-action#115
• Update to v2.3.3 by @​Ly-Joey in google/osv-scanner-action#118

New Contributors

• @​Ly-Joey made their first contribution in google/osv-scanner-action#118

Full Changelog: google/osv-scanner-action@v2.3.2...v2.3.3

Commits

• c5996e0 Merge pull request #118 from google/update-to-v2.3.3
• f4fac92 Update unified workflow example to point to v2.3.3 reusable workflows
• 8ae4be8 Update reusable workflows to point to v2.3.3 actions
• 8018483 "Update actions to use v2.3.3 osv-scanner image"
• 2c222db Merge pull request #115 from renovate-bot/renovate/workflows
• 115472d chore(deps): update github/codeql-action action to v4.31.10
• See full diff in compare view

Updates actions/stale from 10.1.1 to 10.2.0

Release notes

Sourced from actions/stale's releases.

v10.2.0

What's Changed

Bug Fix

• Fix checking state cache (fix #1136) and switch to Octokit helper methods by @​itchyny in actions/stale#1152

Dependency Updates

• Upgrade js-yaml from 4.1.0 to 4.1.1 by @​dependabot in actions/stale#1304
• Upgrade lodash from 4.17.21 to 4.17.23 by @​dependabot in actions/stale#1313
• Upgrade actions/cache from 4.0.3 to 5.0.2 and actions/github from 5.1.1 to 7.0.0 by @​chiranjib-swain in actions/stale#1312

New Contributors

• @​itchyny made their first contribution in actions/stale#1152

Full Changelog: actions/stale@v10...v10.2.0

Commits

• b5d41d4 build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#1313)
• dcd2b94 Fix punycode and url.parse Deprecation Warnings (#1312)
• d6f8a33 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1304)
• a21a081 Fix checking state cache (fix #1136), also switch to octokit methods (#1152)
• See full diff in compare view

Updates actions/ai-inference from 2.0.5 to 2.0.7

Release notes

Sourced from actions/ai-inference's releases.

v2.0.7

What's Changed

• Support passing max_tokens and max_completion_tokens by @​GitPaulo in actions/ai-inference#173

Full Changelog: actions/ai-inference@v2...v2.0.7

v2.0.6

What's Changed

• Add model parameters temperature and topP to action inputs by @​GitPaulo in actions/ai-inference#168
• chore(deps): bump lodash from 4.17.21 to 4.17.23 by @​dependabot[bot] in actions/ai-inference#164
• chore(deps): bump @​rollup/rollup-linux-x64-gnu from 4.52.5 to 4.55.1 by @​dependabot[bot] in actions/ai-inference#160
• Update deprecated max_tokens to max_completion_tokens by @​GitPaulo in actions/ai-inference#170

New Contributors

• @​GitPaulo made their first contribution in actions/ai-inference#168

Full Changelog: actions/ai-inference@v2.0.5...v2.0.6

Commits

• e09e659 Merge pull request #173 from GitPaulo/main
• e608d2b update dist
• 27965bc updated docs for missing prompt.yml model parameters
• a8bddad update dist

[dependabot]

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[Nick2bad4u]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud