{"id":810,"name":"step-security/harden-runner","ecosystem":"actions","repository_url":"https://github.com/step-security/harden-runner","issues_count":8248,"created_at":"2025-06-06T15:01:37.725Z","updated_at":"2025-06-06T15:01:37.725Z","purl":"pkg:githubactions/step-security/harden-runner","metadata":{"id":5806609,"name":"step-security/harden-runner","ecosystem":"actions","description":"Harden-Runner provides runtime security for GitHub-hosted and self-hosted runners","homepage":"https://www.stepsecurity.io","licenses":"apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/step-security/harden-runner","keywords_array":["actions","egress-filtering","github-actions","hardening","network-security","runners","runtime-security","security-hardening","supply-chain-security"],"namespace":"step-security","versions_count":49,"first_release_published_at":"2021-11-19T15:21:41.000Z","latest_release_published_at":"2025-04-21T19:01:51.000Z","latest_release_number":"v2.12.0","last_synced_at":"2025-06-05T20:01:41.911Z","created_at":"2023-01-04T16:20:44.106Z","updated_at":"2025-06-05T20:01:41.911Z","registry_url":"https://github.com/step-security/harden-runner","install_command":null,"documentation_url":null,"metadata":{"name":"Harden-Runner","description":"Harden-Runner provides runtime security for GitHub-hosted and self-hosted runners","inputs":{"allowed-endpoints":{"description":"Only these endpoints will be allowed if egress-policy is set to block","required":false,"default":""},"egress-policy":{"description":"Policy for outbound traffic, can be either audit or block","required":false,"default":"block"},"token":{"description":"Used to avoid github rate limiting","default":"${{ github.token }}"},"disable-telemetry":{"description":"Disable sending telemetry to StepSecurity API, can be set to true or false. 
This can only be set to true when egress-policy is set to block","required":false,"default":"false"},"disable-sudo":{"description":"Disable sudo access for the runner account. Note: This parameter will be deprecated in the future. Please use disable-sudo-and-containers instead.","required":false,"default":"false"},"disable-sudo-and-containers":{"description":"Disable sudo and container access for the runner account","required":false,"default":"false"},"disable-file-monitoring":{"description":"Disable file monitoring","required":false,"default":"false"},"policy":{"description":"Policy name to be used from the policy store","required":false,"default":""}},"branding":{"icon":"check-square","color":"green"},"runs":{"using":"node20","pre":"dist/pre/index.js","main":"dist/index.js","post":"dist/post/index.js"},"default_branch":"main","path":null},"repo_metadata":{"id":38015748,"uuid":"422287306","full_name":"step-security/harden-runner","owner":"step-security","description":"Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. 
It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.","archived":false,"fork":false,"pushed_at":"2025-04-17T21:32:53.000Z","size":25431,"stargazers_count":805,"open_issues_count":35,"forks_count":69,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-04-20T19:38:28.099Z","etag":null,"topics":["actions","egress-filtering","github-actions","hardening","network-security","runners","runtime-security","security-hardening","supply-chain-security"],"latest_commit_sha":null,"homepage":"https://www.stepsecurity.io","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/step-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-28T16:58:46.000Z","updated_at":"2025-04-19T17:37:01.000Z","dependencies_parsed_at":"2023-09-25T04:20:52.235Z","dependency_job_id":"e3b04652-4d0a-411a-aa0c-687c33316b71","html_url":"https://github.com/step-security/harden-runner","commit_stats":{"total_commits":339,"total_committers":10,"mean_commits":33.9,"dds":0.4336283185840708,"last_synced_commit":"91182cccc01eb5e619899d80e4e971d6181294a7"},"previous_names":[],"tags_count":48,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/releases","
manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/step-security","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249977523,"owners_count":21354863,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"step-security","name":"StepSecurity","uuid":"88700172","kind":"organization","description":"Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner","email":"interest@stepsecurity.io","website":"https://www.stepsecurity.io","location":"United States of 
America","twitter":"step_security","company":null,"icon_url":"https://avatars.githubusercontent.com/u/88700172?v=4","repositories_count":28,"last_synced_at":"2024-04-23T11:39:40.117Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/step-security","funding_links":[],"total_stars":1443,"followers":91,"following":0,"created_at":"2022-11-14T05:19:49.352Z","updated_at":"2024-04-23T11:40:00.834Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/step-security","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/step-security/repositories"},"tags":[{"name":"v2.12.0","sha":"0634a2670c59f64b4a01f0f96f84700a4088b9f0","kind":"commit","published_at":"2025-04-21T19:01:51.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.12.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.12.0","dependencies_parsed_at":null,"dependency_job_id":"7f7bd265-1b6d-42fa-ad4d-6032c227f5e0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.12.0/manifests"},{"name":"v2.11.1","sha":"c6295a65d1254861815972266d5933fd6e532bdf","kind":"commit","published_at":"2025-04-01T19:08:07.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.11.1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.11.1","dependencies_parsed_at":"2025-04-15T04:13:47.419Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.11.1/manifests"},{"name":"v2.11.0","sha":"4d991eb9b905ef189e4c376166672c3f2f230481","kind":"commit","published_at":"2025-02-15T20:40:48.000Z","download_url":"https
://codeload.github.com/step-security/harden-runner/tar.gz/v2.11.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.11.0","dependencies_parsed_at":"2025-04-15T04:13:49.047Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.11.0/manifests"},{"name":"v2.10.4","sha":"cb605e52c26070c328afc4562f0b4ada7618a84e","kind":"commit","published_at":"2025-01-20T00:28:44.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.10.4","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.10.4","dependencies_parsed_at":"2025-02-09T05:05:47.698Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.10.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.10.4/manifests"},{"name":"v2.10.3","sha":"c95a14d0e5bab51a9f56296a4eb0e416910cd350","kind":"commit","published_at":"2025-01-09T20:45:26.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.10.3","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.10.3","dependencies_parsed_at":"2025-01-10T04:52:24.169Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.10.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.10.3/manifests"},{"name":"v2.10.2","sha":"0080882f6c36860b6ba35c610c98ce87d4e2f26f","kind":"commit","published_at":"2024-11-18T20:58:05.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.10.2","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.10.2","dep
endencies_parsed_at":"2024-11-20T04:09:22.127Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.10.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.10.2/manifests"},{"name":"v2.10.1","sha":"91182cccc01eb5e619899d80e4e971d6181294a7","kind":"commit","published_at":"2024-09-11T05:42:27.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.10.1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.10.1","dependencies_parsed_at":"2024-09-13T04:11:08.940Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.10.1/manifests"},{"name":"v2.10.0","sha":"446798f8213ac2e75931c1b0769676d927801858","kind":"commit","published_at":"2024-09-10T17:49:49.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.10.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.10.0","dependencies_parsed_at":"2024-09-12T04:20:26.577Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.10.0/manifests"},{"name":"v2.9.1","sha":"5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde","kind":"commit","published_at":"2024-08-05T22:25:32.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.9.1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.9.1","dependencies_parsed_at":"2024-08-11T05:37:18.232Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-securit
y%2Fharden-runner/tags/v2.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.9.1/manifests"},{"name":"v2.9.0","sha":"0d381219ddf674d61a7572ddd19d7941e271515c","kind":"commit","published_at":"2024-07-18T17:09:31.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.9.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.9.0","dependencies_parsed_at":"2024-07-30T04:13:39.982Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.9.0/manifests"},{"name":"v2.8.1","sha":"17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6","kind":"commit","published_at":"2024-06-07T13:11:14.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.8.1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.8.1","dependencies_parsed_at":"2024-06-09T04:20:40.185Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.8.1/manifests"},{"name":"v2.8.0","sha":"f086349bfa2bd1361f7909c78558e816508cdc10","kind":"commit","published_at":"2024-05-22T00:40:44.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.8.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.8.0","dependencies_parsed_at":null,"dependency_job_id":"f0396892-f0cf-4fe2-82be-f339c6df41f1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.8.0/manife
sts"},{"name":"v2.7.1","sha":"a4aa98b93cab29d9b1101a6143fb8bce00e2eac4","kind":"commit","published_at":"2024-04-29T20:53:33.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.7.1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.7.1","dependencies_parsed_at":"2024-05-01T04:16:02.245Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.7.1/manifests"},{"name":"v2.7.0","sha":"63c24ba6bd7ba022e95695ff85de572c04a18142","kind":"commit","published_at":"2024-01-30T20:51:16.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.7.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.7.0","dependencies_parsed_at":"2024-02-03T04:18:35.997Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.7.0/manifests"},{"name":"v2.6.1","sha":"eb238b55efaa70779f274895e782ed17c84f2895","kind":"commit","published_at":"2023-11-16T20:43:19.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.6.1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.6.1","dependencies_parsed_at":"2023-11-18T04:14:18.078Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.6.1/manifests"},{"name":"v2.6.0","sha":"1b05615854632b887b69ae1be8cbefe72d3ae423","kind":"commit","published_at":"2023-10-03T01:00:54.000Z","download_url":"https://codeload.gith
ub.com/step-security/harden-runner/tar.gz/v2.6.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.6.0","dependencies_parsed_at":"2023-10-04T04:37:29.684Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.6.0/manifests"},{"name":"v2.5.1","sha":"8ca2b8b2ece13480cda6dacd3511b49857a23c09","kind":"commit","published_at":"2023-08-09T16:09:14.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.5.1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.5.1","dependencies_parsed_at":"2023-08-11T05:41:24.827Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.5.1/manifests"},{"name":"v2.5.0","sha":"cba0d00b1fc9a034e1e642ea0f1103c282990604","kind":"commit","published_at":"2023-07-24T18:30:49.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.5.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.5.0","dependencies_parsed_at":"2023-07-26T04:18:41.996Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.5.0/manifests"},{"name":"v2.4.1","sha":"55d479fb1c5bcad5a4f9099a5d9f37c8857b2845","kind":"commit","published_at":"2023-06-20T00:30:27.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.4.1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.4.1","dependencies_parsed_at":"2023-07-20T
14:16:50.780Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.4.1/manifests"},{"name":"v2.4.0","sha":"128a63446a954579617e875aaab7d2978154e969","kind":"commit","published_at":"2023-05-04T20:39:03.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.4.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.4.0","dependencies_parsed_at":"2023-07-20T14:16:52.869Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.4.0/manifests"},{"name":"v2.3.1","sha":"6b3083af2869dc3314a0257a42f4af696cc79ba3","kind":"commit","published_at":"2023-04-19T20:06:04.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.3.1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.3.1","dependencies_parsed_at":"2023-07-20T14:16:51.506Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.3.1/manifests"},{"name":"v2.3.0","sha":"03bee3930647ebbf994244c21ddbc0d4933aab4f","kind":"commit","published_at":"2023-04-04T19:21:18.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.3.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.3.0","dependencies_parsed_at":"2023-07-20T14:16:52.829Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.3.0","manifests_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.3.0/manifests"},{"name":"v2.2.1","sha":"1f99358870fe1c846a3ccba386cc2b2246836776","kind":"commit","published_at":"2023-03-10T23:57:07.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.2.1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.2.1","dependencies_parsed_at":"2023-07-20T14:16:54.062Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.2.1/manifests"},{"name":"v2.2.0","sha":"c8454efe5d0bdefd25384362fe217428ca277d57","kind":"commit","published_at":"2023-02-20T16:00:04.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.2.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.2.0","dependencies_parsed_at":"2023-07-20T14:16:54.055Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.2.0/manifests"},{"name":"v2.1.0","sha":"18bf8ad2ca49c14cbb28b91346d626ccfb00c518","kind":"commit","published_at":"2023-01-13T18:30:06.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.1.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.1.0","dependencies_parsed_at":"2023-07-20T14:16:52.919Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.1.0/manifests"},{"name":"v2.0.0","sha":"ebacdc22ef6c2cfb85ee5ded8f2
e640f4c776dd5","kind":"commit","published_at":"2022-11-08T23:19:16.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2.0.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2.0.0","dependencies_parsed_at":"2023-07-20T14:16:51.526Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2.0.0/manifests"},{"name":"v2","sha":"ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5","kind":"commit","published_at":"2022-11-08T23:19:16.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v2","html_url":"https://github.com/step-security/harden-runner/releases/tag/v2","dependencies_parsed_at":"2023-07-20T14:16:51.010Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v2/manifests"},{"name":"v1.5.0","sha":"2e205a28d0e1da00c5f53b161f4067b052c61f34","kind":"commit","published_at":"2022-09-29T17:35:13.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.5.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.5.0","dependencies_parsed_at":"2023-07-20T14:16:52.883Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.5.0/manifests"},{"name":"rc","sha":"dd2c410b088af7c0dc8046f3ac9a8f4148492a95","kind":"commit","published_at":"2022-08-12T17:28:41.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/rc","html_url":"https://github.com/step
-security/harden-runner/releases/tag/rc","dependencies_parsed_at":"2023-07-20T14:16:53.373Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/rc","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/rc/manifests"},{"name":"v1","sha":"dd2c410b088af7c0dc8046f3ac9a8f4148492a95","kind":"commit","published_at":"2022-08-12T17:28:41.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1","dependencies_parsed_at":"2023-07-20T14:16:52.832Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1/manifests"},{"name":"v1.4.5","sha":"dd2c410b088af7c0dc8046f3ac9a8f4148492a95","kind":"commit","published_at":"2022-08-12T17:28:41.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.4.5","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.4.5","dependencies_parsed_at":"2023-07-20T14:16:54.057Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.4.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.4.5/manifests"},{"name":"v1.4.4","sha":"74b568e8591fbb3115c70f3436a0c6b0909a8504","kind":"commit","published_at":"2022-07-01T22:46:22.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.4.4","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.4.4","dependencies_parsed_at":"2023-07-20T14:16:53.403Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-se
curity%2Fharden-runner/tags/v1.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.4.4/manifests"},{"name":"v1.4.3","sha":"248ae51c2e8cc9622ecf50685c8bf7150c6e8813","kind":"commit","published_at":"2022-05-02T01:10:56.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.4.3","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.4.3","dependencies_parsed_at":"2023-07-20T14:16:52.828Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.4.3/manifests"},{"name":"v1.4.2","sha":"34cbc43f0b10c9dda284e663cf43c2ebaf83e956","kind":"commit","published_at":"2022-04-22T16:13:39.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.4.2","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.4.2","dependencies_parsed_at":"2023-07-20T14:16:52.875Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.4.2/manifests"},{"name":"v1.4.1","sha":"9b0655f430fba8c7001d4e38f8d4306db5c6e0ab","kind":"commit","published_at":"2022-03-18T21:59:57.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.4.1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.4.1","dependencies_parsed_at":"2023-07-20T14:16:52.861Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.4.1/manifests"},{
"name":"v1.4.0","sha":"bdb12b622a910dfdc99a31fdfe6f45a16bc287a4","kind":"commit","published_at":"2022-02-13T16:33:49.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.4.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.4.0","dependencies_parsed_at":"2023-07-20T14:16:52.844Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.4.0/manifests"},{"name":"v1.3.0","sha":"14dc64f30986eaa2ad2dddcec073f5aab18e5a24","kind":"commit","published_at":"2022-01-12T03:52:48.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.3.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.3.0","dependencies_parsed_at":"2023-07-20T14:16:54.135Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.3.0/manifests"},{"name":"v1.2.0","sha":"382b675393c2c83a457a44e9bf5b129ec6995f38","kind":"commit","published_at":"2021-12-27T16:44:39.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.2.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.2.0","dependencies_parsed_at":"2023-07-20T14:16:51.467Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.2.0/manifests"},{"name":"v1.1.0","sha":"bb7f4132a6683afe78368c1ce7ec4cd5c132c993","kind":"commit","published_at":"2021-12-22T15:41:58.000Z","download_url":"https://codeload.github.com/
step-security/harden-runner/tar.gz/v1.1.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.1.0","dependencies_parsed_at":"2023-07-20T14:16:54.097Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.1.0/manifests"},{"name":"v1.0.4","sha":"5d41baafe75a618828923a25ddbe5a7201085cc9","kind":"commit","published_at":"2021-12-18T00:41:42.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.0.4","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.0.4","dependencies_parsed_at":"2023-07-20T14:16:53.931Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.0.4/manifests"},{"name":"v1.0.3","sha":"50fa64266ccad6d5d09e10fe7cffde7c11034ed8","kind":"commit","published_at":"2021-12-17T20:57:04.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.0.3","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.0.3","dependencies_parsed_at":"2023-07-20T14:16:53.780Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.0.3/manifests"},{"name":"v1.0.2","sha":"dc71e894269c9d7314e1a161687b25f2b63b08d2","kind":"commit","published_at":"2021-12-15T17:07:30.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.0.2","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.0.2","dependencies_parsed_at":"2023-07-20T14:16:5
4.157Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.0.2/manifests"},{"name":"v1.0.1","sha":"99f91e655487198f8fad1b1984db68df32c15aea","kind":"commit","published_at":"2021-12-14T19:19:20.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.0.1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.0.1","dependencies_parsed_at":"2023-07-20T14:16:53.481Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"4f04fa9d0868ba0694e878f4e36cd7a158ec6c93","kind":"commit","published_at":"2021-12-06T20:38:45.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v1.0.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v1.0.0","dependencies_parsed_at":"2023-07-20T14:16:52.694Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v1.0.0/manifests"},{"name":"v0.4.0","sha":"dea7bd51ad9ea3da09c16c60ecd5b9de22cb8e92","kind":"commit","published_at":"2021-11-30T23:30:42.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v0.4.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v0.4.0","dependencies_parsed_at":"2023-07-20T14:16:52.737Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v0.4.0","manifests_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v0.4.0/manifests"},{"name":"v0.3.0","sha":"917f7d59f22e82a5ddcaef409923426fd7aa6327","kind":"commit","published_at":"2021-11-26T16:33:57.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v0.3.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v0.3.0","dependencies_parsed_at":"2023-07-20T14:16:52.336Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v0.3.0/manifests"},{"name":"v0.2.0","sha":"9bba600d5283565b3a64a4803023bb25fc309c6c","kind":"commit","published_at":"2021-11-26T00:32:25.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v0.2.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v0.2.0","dependencies_parsed_at":"2023-07-20T14:16:52.801Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v0.2.0/manifests"},{"name":"v0.1.1","sha":"7206db2ec98c5538323a6d70e51f965d55c11c87","kind":"commit","published_at":"2021-11-20T14:53:37.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v0.1.1","html_url":"https://github.com/step-security/harden-runner/releases/tag/v0.1.1","dependencies_parsed_at":"2023-07-20T14:16:52.780Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v0.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v0.1.1/manifests"},{"name":"v0.1.0","sha":"ac43fb3d7391d5fe5788f2170c6c2c2554
00f844","kind":"commit","published_at":"2021-11-19T15:21:41.000Z","download_url":"https://codeload.github.com/step-security/harden-runner/tar.gz/v0.1.0","html_url":"https://github.com/step-security/harden-runner/releases/tag/v0.1.0","dependencies_parsed_at":"2023-07-20T14:16:51.373Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fharden-runner/tags/v0.1.0/manifests"}]},"repo_metadata_updated_at":"2025-04-23T02:35:20.459Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":497,"rankings":{"downloads":null,"dependent_repos_count":1.5560133100934874,"dependent_packages_count":0.0,"stargazers_count":0.7352242116938679,"forks_count":2.861670099825701,"docker_downloads_count":null,"average":1.2882269054032642},"purl":"pkg:githubactions/step-security/harden-runner","advisories":[{"uuid":"GSA_kwCzR0hTQS1nODV2LXdmMjctNjd4Y84ABBec","url":"https://github.com/advisories/GHSA-g85v-wf27-67xc","title":"Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`","description":"### Summary\n\nVersions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under specific conditions. However, due to the current execution order of pre-steps in GitHub Actions and the placement of harden-runner as the first step in a job, the likelihood of exploitation is low as the Harden-Runner action reads the environment variable during the pre-step stage. There are no known exploits at this time. \n\n### Details\n\n1. setup.ts:169 [1]  performs `execSync` with a command that gets\ninvoked after interpretation by the shell. 
This command includes an\ninterpolated `process.env.USER` variable, which an attacker could\nmodify (without actually creating a new user) to inject arbitrary\nshell expressions into this `execSync`. This may or may not be likely\nin practice, but I believe the hygienic way to perform the underlying\noperation is to use `execFileSync` or similar and bypass the\nunderlying shell evaluation.\n\n2. setup.ts:229 [2] has a nearly identical `execSync` to (1) above,\nbut with `$USER` for shell-level interpolation rather than string\ninterpolation. However, this is still injectable and would be best\nreplaced by an `execFileSync`, per above.\n\n3. arc-runner:40-44 [3] has an `execSync` with multiple string\ninterpolations. Most of these do not appear immediately injectible\n(since they appear to come from presumed trusted API responses), but\nthe expansion of `getRunnerTempDir()` may be injectable due to its\ndependence on potentially attacker-controllable environment variables\n(e.g. `RUNNER_TEMP`). The underlying operation appears to be a trivial\nfile copy, so this entire subprocess should in theory be replaceable\nwith ordinary NodeJS `fs` API calls instead.\n\n4. arc-runner:53 [4] demonstrates the same weakness, and has the same\nresolution as (3).\n\n5. arc-runner:57 demonstrates the same weakness as (3) and (4), and\nhas the same resolution.\n\n6. 
arc-runner:61 demonstrates the same weakness as (3), (4), and (5),\nand has the same resolution.\n\n\n[1]: https://github.com/step-security/harden-runner/blob/951b48540b429070694bc8abd82fd6901eb123ca/src/setup.ts#L169\n\n[2]: https://github.com/step-security/harden-runner/blob/951b48540b429070694bc8abd82fd6901eb123ca/src/setup.ts#L229\n\n[3]: https://github.com/step-security/harden-runner/blob/951b48540b429070694bc8abd82fd6901eb123ca/src/arc-runner.ts#L40-L44\n\n[4]: https://github.com/step-security/harden-runner/blob/951b48540b429070694bc8abd82fd6901eb123ca/src/arc-runner.ts#L53\n\n[5]: https://github.com/step-security/harden-runner/blob/951b48540b429070694bc8abd82fd6901eb123ca/src/arc-runner.ts#L57\n\n[6]: https://github.com/step-security/harden-runner/blob/951b48540b429070694bc8abd82fd6901eb123ca/src/arc-runner.ts#L61","origin":"UNSPECIFIED","severity":"LOW","published_at":"2024-11-18T23:48:26.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":2.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","references":["https://github.com/step-security/harden-runner/security/advisories/GHSA-g85v-wf27-67xc","https://github.com/step-security/harden-runner/commit/0080882f6c36860b6ba35c610c98ce87d4e2f26f","https://nvd.nist.gov/vuln/detail/CVE-2024-52587","https://github.com/step-security/harden-runner/blob/951b48540b429070694bc8abd82fd6901eb123ca/src/arc-runner.ts#L40-L44","https://github.com/step-security/harden-runner/blob/951b48540b429070694bc8abd82fd6901eb123ca/src/arc-runner.ts#L53","https://github.com/step-security/harden-runner/blob/951b48540b429070694bc8abd82fd6901eb123ca/src/arc-runner.ts#L57","https://github.com/step-security/harden-runner/blob/951b48540b429070694bc8abd82fd6901eb123ca/src/arc-runner.ts#L61","https://github.com/step-security/harden-runner/blob/951b48540b429070694bc8abd82fd6901eb123ca/src/setup.ts#
L169","https://github.com/step-security/harden-runner/blob/951b48540b429070694bc8abd82fd6901eb123ca/src/setup.ts#L229","https://github.com/advisories/GHSA-g85v-wf27-67xc"],"source_kind":"github","identifiers":["GHSA-g85v-wf27-67xc","CVE-2024-52587"],"repository_url":"https://github.com/step-security/harden-runner","blast_radius":1.0,"packages":[{"versions":[{"first_patched_version":"2.10.2","vulnerable_version_range":"\u003c 2.10.2"}],"ecosystem":"actions","package_name":"step-security/harden-runner"}],"created_at":"2024-11-19T00:06:52.463Z","updated_at":"2024-11-19T20:50:11.000Z","epss_percentage":0.00267,"epss_percentile":0.49961},{"uuid":"GSA_kwCzR0hTQS1teHIzLTh3aGotajc0cs4ABHEj","url":"https://github.com/advisories/GHSA-mxr3-8whj-j74r","title":"Harden-Runner allows evasion of 'disable-sudo' policy","description":"### Summary\nHarden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with the Docker daemon to launch privileged containers or access the host filesystem. This allows the attacker to regain root access or restore the sudoers file, effectively bypassing the restriction. \n\nFor an attacker to bypass this control, they would first need the ability to run their malicious code (e.g., by a supply chain attack similar to tj-actions or exploiting a Pwn Request vulnerability)) on the runner. 
This vulnerability has been fixed in Harden-Runner version `v2.12.0`.\n\n### Impact\nAn attacker with the ability to run their malicious code on a runner configured with `disable-sudo: true` can escalate privileges to root using Docker, defeating the intended security control.\n\n### Affected Configuration\n•\tHarden-Runner configurations that use `disable-sudo: true` on GitHub-hosted runners or on ephemeral self-hosted VM-based runners.\n•\tThis issue does not apply to Kubernetes-based Actions Runner Controller (ARC) Harden-Runner.\n\n### Mitigation / Fix\nThis vulnerability has been fixed in Harden-Runner version `v2.12.0`. Users should migrate to the stronger `disable-sudo-and-containers` policy. This setting:\n•\tDisables sudo access,\n•\tRemoves access to dockerd and containerd sockets,\n•\tUninstalls Docker from the runner entirely, preventing container-based privilege escalation paths.\n\n\n### Additional Improvements\n•\tThe `disable-sudo` option will be deprecated in the future, as it does not sufficiently restrict privilege escalation on its own. \n•\tHarden-Runner now includes detections to alert on attempts to evade the `disable-sudo` policy.\n\n\n### Credits\nReported by @loresuso and @darryk10. 
We would like to thank them for collaborating with us to mitigate the vulnerability.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-04-22T01:07:03.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/step-security/harden-runner/security/advisories/GHSA-mxr3-8whj-j74r","https://nvd.nist.gov/vuln/detail/CVE-2025-32955","https://github.com/step-security/harden-runner/commit/0634a2670c59f64b4a01f0f96f84700a4088b9f0","https://github.com/step-security/harden-runner/releases/tag/v2.12.0","https://github.com/advisories/GHSA-mxr3-8whj-j74r"],"source_kind":"github","identifiers":["GHSA-mxr3-8whj-j74r","CVE-2025-32955"],"repository_url":"https://github.com/step-security/harden-runner","blast_radius":1.0,"packages":[{"versions":[{"first_patched_version":"2.12.0","vulnerable_version_range":"\u003e= 0.12.0, \u003c 2.12.0"}],"ecosystem":"actions","package_name":"step-security/harden-runner"}],"created_at":"2025-04-22T02:07:53.578Z","updated_at":"2025-04-22T01:07:04.000Z","epss_percentage":null,"epss_percentile":null}],"docker_usage_url":"https://docker.ecosyste.ms/usage/actions/step-security/harden-runner","docker_dependents_count":5,"docker_downloads_count":717541575,"usage_url":"https://repos.ecosyste.ms/usage/actions/step-security/harden-runner","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/actions/step-security/harden-runner/dependencies","status":null,"funding_links":[],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/step-security%2Fharden-runner/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/step-security%2Fharden-runner/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/step-security%2Fharden-runner/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registr
ies/github%20actions/packages/step-security%2Fharden-runner/related_packages","maintainers":[],"registry":{"name":"github actions","url":"https://github.com/marketplace/actions/","ecosystem":"actions","default":true,"packages_count":31615,"maintainers_count":0,"namespaces_count":19962,"keywords_count":6709,"github":"actions","metadata":{"funded_packages_count":2985},"icon_url":"https://github.com/actions.png","created_at":"2023-01-03T17:16:39.185Z","updated_at":"2025-06-06T06:00:12.453Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/namespaces"}},"unique_repositories_count":2641,"unique_repositories_count_past_30_days":203,"recent_issues":[{"uuid":"4609195576","node_id":"PR_kwDOBNnUgs7jtpan","number":1736,"state":"open","title":"chore(deps): bump the all group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-08T00:18:18.000Z","updated_at":"2026-06-08T00:25:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): 
bump","group_name":"all","update_count":9,"packages":[{"name":"step-security/harden-runner","old_version":"2.15.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"actions/setup-node","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.36.2","repository_url":"https://github.com/github/codeql-action"},{"name":"codecov/codecov-action","old_version":"5.5.2","new_version":"7.0.0","repository_url":"https://github.com/codecov/codecov-action"},{"name":"actions/dependency-review-action","old_version":"4.9.0","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"googleapis/release-please-action","old_version":"4.4.0","new_version":"5.0.0","repository_url":"https://github.com/googleapis/release-please-action"},{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/stale","old_version":"10.2.0","new_version":"10.3.0","repository_url":"https://github.com/actions/stale"}],"path":null,"ecosystem":"actions"},"body":"Bumps the all group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.15.1` | `2.19.4` |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.36.2` |\n| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `7.0.0` |\n| 
[actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` |\n| [googleapis/release-please-action](https://github.com/googleapis/release-please-action) | `4.4.0` | `5.0.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n| [actions/stale](https://github.com/actions/stale) | `10.2.0` | `10.3.0` |\n\n\nUpdates `step-security/harden-runner` from 2.15.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. 
This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now 
blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/58077d3c7e43986b6b15fba718e8ea69e387dfcc...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca 
href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca 
href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca 
href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.36.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.2 - 04 Jun 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003e\u003ccode\u003e8aad20d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3949\"\u003e#3949\u003c/a\u003e from github/update-v4.36.2-dcb947ce1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f521b08cd8f468ab193ea950a589cb2e9c869c6a\"\u003e\u003ccode\u003ef521b08\u003c/code\u003e\u003c/a\u003e Add additional changelog notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aeff0ffb7b78582ee0d0e6eebb8140684400d08\"\u003e\u003ccode\u003e8aeff0f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dcb947ce15976d40ea82935510b2db4872ec124c\"\u003e\u003ccode\u003edcb947c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3948\"\u003e#3948\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c251bcefa178f7780f62f150002acffe3d07fde9\"\u003e\u003ccode\u003ec251bce\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/62953c18b35f59e28351d2f1e806925aef8b1e3c\"\u003e\u003ccode\u003e62953c1\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/423b570baf1976cd7a3daeba5d6e9f9b76432f37\"\u003e\u003ccode\u003e423b570\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/github/codeql-action/issues/3946\"\u003e#3946\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-5d507a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c35d1b164463ee62a100735382aaaa525c5d3496\"\u003e\u003ccode\u003ec35d1b1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3947\"\u003e#3947\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/cb1a588b02755b176e7b9d033ed4b69312f0e1bd\"\u003e\u003ccode\u003ecb1a588\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3937\"\u003e#3937\u003c/a\u003e from github/robertbrignull/waitForProcessing_backoff\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ba47406412c54532b5b4fcfbaf877c9e2382b206\"\u003e\u003ccode\u003eba47406\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3943\"\u003e#3943\u003c/a\u003e from github/henrymercer/cache-cli-version-info\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/0d579ffd059c29b07949a3cce3983f0780820c98...8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 5.5.2 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cp\u003e⚠️ Due to migration issues 
with keybase, we are unable to update our keys under the \u003ccode\u003ecodecovsecurity\u003c/code\u003e account. We have deleted the account and are using \u003ccode\u003ecodecovsecops\u003c/code\u003e with the original gpg key\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove Enforce License Compliance workflow by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1950\"\u003ecodecov/codecov-action#1950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 7.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1957\"\u003ecodecov/codecov-action#1957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cp\u003eThis is a copy of the \u003ccode\u003ev7.0.0\u003c/code\u003e release to make updates easier\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove Enforce License Compliance workflow by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1950\"\u003ecodecov/codecov-action#1950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 7.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/codecov/codecov-action/pull/1957\"\u003ecodecov/codecov-action#1957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent template injection in run: steps (VULN-1652) by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1947\"\u003ecodecov/codecov-action#1947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 6.0.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1949\"\u003ecodecov/codecov-action#1949\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ This version introduces support for node24 which may cause breaking changes for systems that do not currently support node24. 
⚠️\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1929\"\u003ecodecov/codecov-action#1929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTh/6.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1928\"\u003ecodecov/codecov-action#1928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.4\u003c/h2\u003e\n\u003cp\u003eThis is a mirror of \u003ccode\u003ev5.5.2\u003c/code\u003e. 
\u003ccode\u003ev6\u003c/code\u003e will be released which requires \u003ccode\u003enode24\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1926\"\u003ecodecov/codecov-action#1926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 5.5.4 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1927\"\u003ecodecov/codecov-action#1927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.3...v5.5.4\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.3...v5.5.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md\"\u003ecodecov/codecov-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: overwrite pr number on fork by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1871\"\u003ecodecov/codecov-action#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1868\"\u003ecodecov/codecov-action#1868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1867\"\u003ecodecov/codecov-action#1867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update to use local app/ dir by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1872\"\u003ecodecov/codecov-action#1872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo 
in README by \u003ca href=\"https://github.com/datalater\"\u003e\u003ccode\u003e@​datalater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1866\"\u003ecodecov/codecov-action#1866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument a \u003ccode\u003ecodecov-cli\u003c/code\u003e version reference example by \u003ca href=\"https://github.com/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1774\"\u003ecodecov/codecov-action#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1861\"\u003ecodecov/codecov-action#1861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1833\"\u003ecodecov/codecov-action#1833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: upgrade wrapper to 0.2.4 by \u003ca href=\"https://github.com/jviall\"\u003e\u003ccode\u003e@​jviall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1864\"\u003ecodecov/codecov-action#1864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/github-script by Git SHA by \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e in 
\u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1859\"\u003ecodecov/codecov-action#1859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: check reqs exist by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1835\"\u003ecodecov/codecov-action#1835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Typo in README by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1838\"\u003ecodecov/codecov-action#1838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Refine OIDC docs by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1837\"\u003ecodecov/codecov-action#1837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1829\"\u003ecodecov/codecov-action#1829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.3\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1822\"\u003ecodecov/codecov-action#1822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: OIDC on forks by \u003ca 
href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1823\"\u003ecodecov/codecov-action#1823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/fb8b3582c8e4def4969c97caa2f19720cb33a72f\"\u003e\u003ccode\u003efb8b358\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1957\"\u003e#1957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/ca0a928a4cb3911011e868128a5cd90437c12db1\"\u003e\u003ccode\u003eca0a928\u003c/code\u003e\u003c/a\u003e ci: remove Enforce License Compliance workflow (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1950\"\u003e#1950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/e79a6962e0d4c0c17b229090214935d2e33f8354\"\u003e\u003ccode\u003ee79a696\u003c/code\u003e\u003c/a\u003e chore(release): 6.0.1 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1949\"\u003e#1949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/51e64229ac331acb0d7f7b17c67423995f991c79\"\u003e\u003ccode\u003e51e6422\u003c/code\u003e\u003c/a\u003e fix: prevent template injection in run: steps 
(VULN-1652) (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1947\"\u003e#1947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2\"\u003e\u003ccode\u003e57e3a13\u003c/code\u003e\u003c/a\u003e Th/6.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1928\"\u003e#1928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/f67d33dda8a42b51c42a8318a1f66468119e898b\"\u003e\u003ccode\u003ef67d33d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot;...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/75cd11691c0faa626561e295848008c8a7dddffe\"\u003e\u003ccode\u003e75cd116\u003c/code\u003e\u003c/a\u003e chore(release): 5.5.4 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1927\"\u003e#1927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/87d39f4a2cec2673cf9505764fb20a38792ea722\"\u003e\u003ccode\u003e87d39f4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/1af58845a975a7985b0beb0cbe6fbbb71a41dbad\"\u003e\u003ccode\u003e1af5884\u003c/code\u003e\u003c/a\u003e chore(release): bump to 5.5.3 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1922\"\u003e#1922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/c143300dea6c9a730986ff862c5bf4d458927ef8\"\u003e\u003ccode\u003ec143300\u003c/code\u003e\u003c/a\u003e 
build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1874\"\u003e#1874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/codecov/codecov-action/compare/671740ac38dd9b0130fbe1cec585b89eea48d3de...fb8b3582c8e4def4969c97caa2f19720cb33a72f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4.9.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca 
href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit 
fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1077\"\u003e#1077\u003c/a\u003e from Marukome0743/docs/checkout\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/dependency-review-action/compare/2031cfc080254a8a887f58cffee85186f0e49e48...a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `googleapis/release-please-action` from 4.4.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/release-please-action/releases\"\u003egoogleapis/release-please-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.4.1...v5.0.0\"\u003e5.0.0\u003c/a\u003e (2026-04-22)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node24 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1188\"\u003e#1188\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node24 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1188\"\u003e#1188\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/46dfc01594fc6ec99626bc73e479c52bdf554f88\"\u003e46dfc01\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebump release-please 
from 17.3.0 to 17.6.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1199\"\u003e#1199\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/f533c26b74c2778db7edc90c96b63a7d08035765\"\u003ef533c26\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.4.0...v4.4.1\"\u003e4.4.1\u003c/a\u003e (2026-02-20)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebump release-please from 17.1.3 to 17.3.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1183\"\u003e#1183\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/ef9c2745dbfb629d38ebfafa3347a81ab2d51409\"\u003eef9c274\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md\"\u003egoogleapis/release-please-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.4.1...v5.0.0\"\u003e5.0.0\u003c/a\u003e (2026-04-22)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node24 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1188\"\u003e#1188\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node24 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1188\"\u003e#1188\u003c/a\u003e) (\u003ca 
href=\"https://github.com/googleapis/release-please-action/commit/46dfc01594fc6ec99626bc73e479c52bdf554f88\"\u003e46dfc01\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebump release-please from 17.3.0 to 17.6.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1199\"\u003e#1199\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/f533c26b74c2778db7edc90c96b63a7d08035765\"\u003ef533c26\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.4.0...v4.4.1\"\u003e4.4.1\u003c/a\u003e (2026-02-20)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebump release-please from 17.1.3 to 17.3.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1183\"\u003e#1183\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/ef9c2745dbfb629d38ebfafa3347a81ab2d51409\"\u003eef9c274\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.3.0...v4.4.0\"\u003e4.4.0\u003c/a\u003e (2025-10-09)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd ability to select versioning-strategy and release-as (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1121\"\u003e#1121\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/ee0f5bae453367755be0c4340193531b3f538374\"\u003eee0f5ba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003echangelog-host\u003c/code\u003e parameter ignored when using manifest configuration (\u003ca 
href=\"https://redirect.github.com/googleapis/release-please-action/issues/1151\"\u003e#1151\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/535c4130c1030110bdacd1b3076f98c046c3a227\"\u003e535c413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 directory (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1149\"\u003e#1149\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/3612a99d75bd7a010bb03d6e2ee3e2392b7392fb\"\u003e3612a99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebump release-please from 17.1.2 to 17.1.3 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1158\"\u003e#1158\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/66fbfe9439cb7a3660ecdc00d42573ef0bd00764\"\u003e66fbfe9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.2.0...v4.3.0\"\u003e4.3.0\u003c/a\u003e (2025-08-20)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update release-please to 17.1.2 (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/f07192c046b10acd083f4665a3d8b6350526f9df\"\u003ef07192c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.1.5...v4.2.0\"\u003e4.2.0\u003c/a\u003e (2025-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/45996ed1f6d02564a971a2fa1b5860e934307cf7\"\u003e\u003ccode\u003e45996ed\u003c/code\u003e\u003c/a\u003e chore(main): release 5.0.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1200\"\u003e#1200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/a8121b99c9779b09ad890de46417b7cad74eb3a2\"\u003e\u003ccode\u003ea8121b9\u003c/code\u003e\u003c/a\u003e chore: build dist (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1201\"\u003e#1201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/f533c26b74c2778db7edc90c96b63a7d08035765\"\u003e\u003ccode\u003ef533c26\u003c/code\u003e\u003c/a\u003e fix: bump release-please from 17.3.0 to 17.6.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1199\"\u003e#1199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/46dfc01594fc6ec99626bc73e479c52bdf554f88\"\u003e\u003ccode\u003e46dfc01\u003c/code\u003e\u003c/a\u003e feat!: upgrade to node24 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1188\"\u003e#1188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/5c625bfb5d1ff62eadeeb3772007f7f66fdcf071\"\u003e\u003ccode\u003e5c625bf\u003c/code\u003e\u003c/a\u003e chore(main): release 4.4.1 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1187\"\u003e#1187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/googleapis/release-please-action/commit/8bb7a2ed0f90c9802c83129a9488d235a1f31a7c\"\u003e\u003ccode\u003e8bb7a2e\u003c/code\u003e\u003c/a\u003e chore: build dist (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1186\"\u003e#1186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/ef9c2745dbfb629d38ebfafa3347a81ab2d51409\"\u003e\u003ccode\u003eef9c274\u003c/code\u003e\u003c/a\u003e fix: bump release-please from 17.1.3 to 17.3.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1183\"\u003e#1183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/64d83e95d898ede84e4555719aba555c3244d469\"\u003e\u003ccode\u003e64d83e9\u003c/code\u003e\u003c/a\u003e docs(README): add missing action inputs + package options (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1176\"\u003e#1176\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/googleapis/release-please-action/compare/16a9c90856f42705d54a6fda1823352bdc62cf38...45996ed1f6d02564a971a2fa1b5860e934307cf7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in 
\u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example 
versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/stale` from 10.2.0 to 10.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/stale/releases\"\u003eactions/stale's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnhancement: ignore stale labeling events by \u003ca href=\"https://github.com/shamoon\"\u003e\u003ccode\u003e@​shamoon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1311\"\u003eactions/stale#1311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade dependencies (\u003ccode\u003e@​actions/core\u003c/code\u003e, \u003ccode\u003e@​octokit/plugin-retry\u003c/code\u003e, \u003ca href=\"https://github.com/typescript-eslint\"\u003e\u003ccode\u003e@​typescript-eslint\u003c/code\u003e\u003c/a\u003e) by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/stale/pull/1335\"\u003eactions/stale#1335\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shamoon\"\u003e\u003ccode\u003e@​shamoon\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1311\"\u003eactions/stale#1311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions...\n\n_Description has been truncated_","html_url":"https://github.com/nodejs/node-addon-api/pull/1736","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodejs%2Fnode-addon-api/issues/1736","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1736/packages"},{"uuid":"4608632522","node_id":"PR_kwDOKjuSlM7jr5MT","number":321,"state":"open","title":"Bump the github-actions group across 1 directory with 5 
updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-07T20:32:54.000Z","updated_at":"2026-06-07T20:33:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-actions","update_count":5,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"pnpm/action-setup","old_version":"6.0.6","new_version":"6.0.8","repository_url":"https://github.com/pnpm/action-setup"},{"name":"changesets/action","old_version":"1.8.0","new_version":"1.9.0","repository_url":"https://github.com/changesets/action"},{"name":"github/codeql-action","old_version":"4.35.4","new_version":"4.36.2","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.1` | `2.19.4` |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |\n| [pnpm/action-setup](https://github.com/pnpm/action-setup) | `6.0.6` | `6.0.8` |\n| [changesets/action](https://github.com/changesets/action) | `1.8.0` | `1.9.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.4` | `4.36.2` |\n\n\nUpdates `step-security/harden-runner` from 2.19.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca 
href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca 
href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pnpm/action-setup` from 6.0.6 to 6.0.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pnpm/action-setup/releases\"\u003epnpm/action-setup's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs(README): fix \u003ccode\u003ecache_dependency_path\u003c/code\u003e type by \u003ca href=\"https://github.com/haines\"\u003e\u003ccode\u003e@​haines\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/257\"\u003epnpm/action-setup#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: drop patchPnpmEnv so standalone+self-update works on Windows by \u003ca href=\"https://github.com/zkochan\"\u003e\u003ccode\u003e@​zkochan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/258\"\u003epnpm/action-setup#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update pnpm to 11.1.1 by \u003ca href=\"https://github.com/mungodewar\"\u003e\u003ccode\u003e@​mungodewar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/248\"\u003epnpm/action-setup#248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mungodewar\"\u003e\u003ccode\u003e@​mungodewar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/248\"\u003epnpm/action-setup#248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pnpm/action-setup/compare/v6.0.7...v6.0.8\"\u003ehttps://github.com/pnpm/action-setup/compare/v6.0.7...v6.0.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: honor devEngines.packageManager.onFail=error (\u003ca 
href=\"https://redirect.github.com/pnpm/action-setup/issues/252\"\u003e#252\u003c/a\u003e) by \u003ca href=\"https://github.com/zkochan\"\u003e\u003ccode\u003e@​zkochan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/254\"\u003epnpm/action-setup#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: restore inputs from state in post by \u003ca href=\"https://github.com/haines\"\u003e\u003ccode\u003e@​haines\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/255\"\u003epnpm/action-setup#255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: self-update bootstrap to packageManager-pinned version (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/233\"\u003e#233\u003c/a\u003e) by \u003ca href=\"https://github.com/zkochan\"\u003e\u003ccode\u003e@​zkochan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/256\"\u003epnpm/action-setup#256\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haines\"\u003e\u003ccode\u003e@​haines\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/255\"\u003epnpm/action-setup#255\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pnpm/action-setup/compare/v6.0.6...v6.0.7\"\u003ehttps://github.com/pnpm/action-setup/compare/v6.0.6...v6.0.7\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/action-setup/commit/0e279bb959325dab635dd2c09392533439d90093\"\u003e\u003ccode\u003e0e279bb\u003c/code\u003e\u003c/a\u003e fix: update pnpm to 11.1.1 (\u003ca 
href=\"https://redirect.github.com/pnpm/action-setup/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/action-setup/commit/3e835812ef01165f4f8ae08ade56da44427ed4e0\"\u003e\u003ccode\u003e3e83581\u003c/code\u003e\u003c/a\u003e fix: drop patchPnpmEnv so standalone+self-update works on Windows (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/action-setup/commit/551b42e879e37e74d986effdd2a1647d2b02d464\"\u003e\u003ccode\u003e551b42e\u003c/code\u003e\u003c/a\u003e docs(README): fix \u003ccode\u003ecache_dependency_path\u003c/code\u003e type (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/action-setup/commit/739bfe42ca9233c5e6aca07c1a25a9d34aca49b0\"\u003e\u003ccode\u003e739bfe4\u003c/code\u003e\u003c/a\u003e fix: self-update bootstrap to packageManager-pinned version (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/233\"\u003e#233\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/256\"\u003e#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/action-setup/commit/f61705d907761b3b5209e83910fafd1fea50c5a1\"\u003e\u003ccode\u003ef61705d\u003c/code\u003e\u003c/a\u003e chore: add CODEOWNERS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/action-setup/commit/7a5507b117647ab83e96e9db317ba2234056ebf3\"\u003e\u003ccode\u003e7a5507b\u003c/code\u003e\u003c/a\u003e fix: restore inputs from state in post (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/pnpm/action-setup/commit/1155470f3e5fb872accd4d104b8dfcda41f676ce\"\u003e\u003ccode\u003e1155470\u003c/code\u003e\u003c/a\u003e fix: honor devEngines.packageManager.onFail=error (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/252\"\u003e#252\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pnpm/action-setup/compare/91ab88e2619ed1f46221f0ba42d1492c02baf788...0e279bb959325dab635dd2c09392533439d90093\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `changesets/action` from 1.8.0 to 1.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/action/releases\"\u003echangesets/action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.9.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/636\"\u003e#636\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1\"\u003e\u003ccode\u003eb072bcc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! 
- Add a new \u003ccode\u003e@changesets/action/pr-comment\u003c/code\u003e sub-action to comment on PRs\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/625\"\u003e#625\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6\"\u003e\u003ccode\u003e8795eee\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Add a new \u003ccode\u003e@changesets/action/pr-status\u003c/code\u003e sub-action to generate the changeset status comment for PRs as an alternative to the \u003ca href=\"https://github.com/apps/changeset-bot\"\u003eChangesets Bot\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/535\"\u003e#535\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520\"\u003e\u003ccode\u003e34f64f6\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Fixed an issue with GitHub releases not being created for successfully published packages when \u003cem\u003esome\u003c/em\u003e packages failed to be published to the registry.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/632\"\u003e#632\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4\"\u003e\u003ccode\u003e1d54b9e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! 
- Simplify internal implementation to get changelog entries for a package version\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/629\"\u003e#629\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/e0c90aa7fbd0cc26931a679c5abe9bbc0deb0b50\"\u003e\u003ccode\u003ee0c90aa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Fix custom version and publish command argument parsing\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/645\"\u003e#645\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf\"\u003e\u003ccode\u003ef9585d9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Improved force-push handling when using \u003ccode\u003ecommitMode: \u0026quot;github-api\u0026quot;\u003c/code\u003e so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. 
This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/action/blob/main/CHANGELOG.md\"\u003echangesets/action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003e@​changesets/action\u003c/code\u003e\u003c/h1\u003e\n\u003ch2\u003e1.9.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/636\"\u003e#636\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1\"\u003e\u003ccode\u003eb072bcc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Add a new \u003ccode\u003e@changesets/action/pr-comment\u003c/code\u003e sub-action to comment on PRs\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/625\"\u003e#625\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6\"\u003e\u003ccode\u003e8795eee\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! 
- Add a new \u003ccode\u003e@changesets/action/pr-status\u003c/code\u003e sub-action to generate the changeset status comment for PRs as an alternative to the \u003ca href=\"https://github.com/apps/changeset-bot\"\u003eChangesets Bot\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/535\"\u003e#535\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520\"\u003e\u003ccode\u003e34f64f6\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Fixed an issue with GitHub releases not being created for successfully published packages when \u003cem\u003esome\u003c/em\u003e packages failed to be published to the registry.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/632\"\u003e#632\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4\"\u003e\u003ccode\u003e1d54b9e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Simplify internal implementation to get changelog entries for a package version\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/629\"\u003e#629\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/e0c90aa7fbd0cc26931a679c5abe9bbc0deb0b50\"\u003e\u003ccode\u003ee0c90aa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! 
- Fix custom version and publish command argument parsing\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/645\"\u003e#645\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf\"\u003e\u003ccode\u003ef9585d9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Improved force-push handling when using \u003ccode\u003ecommitMode: \u0026quot;github-api\u0026quot;\u003c/code\u003e so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/258\"\u003e#258\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d\"\u003e\u003ccode\u003ef5dbf72\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tom-sherman\"\u003e\u003ccode\u003e@​tom-sherman\u003c/code\u003e\u003c/a\u003e! - Support draft version PR modes with a new \u003ccode\u003eprDraft\u003c/code\u003e input. 
Use \u003ccode\u003ecreate\u003c/code\u003e to create new version PRs as drafts, or \u003ccode\u003ealways\u003c/code\u003e to also convert existing version PRs back to draft when updating them.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/502\"\u003e#502\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977\"\u003e\u003ccode\u003e6002dbd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/oshytiko\"\u003e\u003ccode\u003e@​oshytiko\u003c/code\u003e\u003c/a\u003e! - Fixed initial \u003ccode\u003e.changeset\u003c/code\u003e state being picked up, when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/536\"\u003e#536\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2\"\u003e\u003ccode\u003e81b3f61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/radnan\"\u003e\u003ccode\u003e@​radnan\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ccode\u003e.changeset\u003c/code\u003e state being picked for the version command when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/564\"\u003e#564\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/935fe876b0054dfc962ac86bcddf028460040d46\"\u003e\u003ccode\u003e935fe87\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! 
- Automatically use the GitHub-provided token to allow most users to avoid explicit \u003ccode\u003eGITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\u003c/code\u003e configuration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/545\"\u003e#545\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/54220dd92c06e7da112b139f95d8beb933e4cdde\"\u003e\u003ccode\u003e54220dd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ryanbas21\"\u003e\u003ccode\u003e@​ryanbas21\u003c/code\u003e\u003c/a\u003e! - The \u003ccode\u003e.npmrc\u003c/code\u003e generation now intelligently handles both traditional NPM token authentication and trusted publishing scenarios by only appending the auth token when \u003ccode\u003eNPM_TOKEN\u003c/code\u003e is defined. This prevents 'undefined' from being written to the registry configuration when using OIDC tokens from GitHub Actions trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/563\"\u003e#563\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6af4a7ec080d23ac6b304f69b67fd0aa92e089e7\"\u003e\u003ccode\u003e6af4a7e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! 
- Don't error on already committed symlinks and executables that stay untouched\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/558\"\u003e#558\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/342005d41242bccd9dd9ae8d3679efce96af48ae\"\u003e\u003ccode\u003e342005d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/harsha-venugopal-ledn\"\u003e\u003ccode\u003e@​harsha-venugopal-ledn\u003c/code\u003e\u003c/a\u003e! - Upgrade from Node.js 20 to Node.js 24 LTS\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d\"\u003e\u003ccode\u003ea45c4d5\u003c/code\u003e\u003c/a\u003e v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/b459b1eaa0a3889b4eea8af244304a64da6331ce\"\u003e\u003ccode\u003eb459b1e\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/changesets/action/issues/637\"\u003e#637\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf\"\u003e\u003ccode\u003ef9585d9\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003e@changesets/ghcommit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/changesets/action/issues/645\"\u003e#645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/020e8cc600a1e7e7b8b843654902f043f32387ea\"\u003e\u003ccode\u003e020e8cc\u003c/code\u003e\u003c/a\u003e Use internal bot for versioning 
(\u003ca href=\"https://redirect.github.com/changesets/action/issues/643\"\u003e#643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1\"\u003e\u003ccode\u003eb072bcc\u003c/code\u003e\u003c/a\u003e Add simple PR comment sub-action (\u003ca href=\"https://redirect.github.com/changesets/action/issues/636\"\u003e#636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6\"\u003e\u003ccode\u003e8795eee\u003c/code\u003e\u003c/a\u003e Comment changeset status in PRs (\u003ca href=\"https://redirect.github.com/changesets/action/issues/625\"\u003e#625\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520\"\u003e\u003ccode\u003e34f64f6\u003c/code\u003e\u003c/a\u003e Fixed an issue with GitHub releases not being created for successfully publis...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4\"\u003e\u003ccode\u003e1d54b9e\u003c/code\u003e\u003c/a\u003e Simplify getChangelogEntry (\u003ca href=\"https://redirect.github.com/changesets/action/issues/632\"\u003e#632\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/031358f743b5a6199bd7a39bdc8b469280983df9\"\u003e\u003ccode\u003e031358f\u003c/code\u003e\u003c/a\u003e Update to typescript v6 (\u003ca href=\"https://redirect.github.com/changesets/action/issues/633\"\u003e#633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/a0c05f7a4b1df776543903d7dca8e39cd787b30a\"\u003e\u003ccode\u003ea0c05f7\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​changesets/changelog-github\u003c/code\u003e from 0.5.2 to 0.7.0 (\u003ca 
href=\"https://redirect.github.com/changesets/action/issues/620\"\u003e#620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/changesets/action/compare/63a615b9cd06ba9a3e6d13796c7fbcb080a60a0b...a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.4 to 4.36.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.2 - 04 Jun 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003e\u003ccode\u003e8aad20d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3949\"\u003e#3949\u003c/a\u003e from github/update-v4.36.2-dcb947ce1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f521b08cd8f468ab193ea950a589cb2e9c869c6a\"\u003e\u003ccode\u003ef521b08\u003c/code\u003e\u003c/a\u003e Add additional changelog notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aeff0ffb7b78582ee0d0e6eebb8140684400d08\"\u003e\u003ccode\u003e8aeff0f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dcb947ce15976d40ea82935510b2db4872ec124c\"\u003e\u003ccode\u003edcb947c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3948\"\u003e#3948\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c251bcefa178f7780f62f150002acffe3d07fde9\"\u003e\u003ccode\u003ec251bce\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/62953c18b35f59e28351d2f1e806925aef8b1e3c\"\u003e\u003ccode\u003e62953c1\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/github/codeql-action/commit/423b570baf1976cd7a3daeba5d6e9f9b76432f37\"\u003e\u003ccode\u003e423b570\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3946\"\u003e#3946\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-5d507a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c35d1b164463ee62a100735382aaaa525c5d3496\"\u003e\u003ccode\u003ec35d1b1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3947\"\u003e#3947\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/cb1a588b02755b176e7b9d033ed4b69312f0e1bd\"\u003e\u003ccode\u003ecb1a588\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3937\"\u003e#3937\u003c/a\u003e from github/robertbrignull/waitForProcessing_backoff\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ba47406412c54532b5b4fcfbaf877c9e2382b206\"\u003e\u003ccode\u003eba47406\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3943\"\u003e#3943\u003c/a\u003e from github/henrymercer/cache-cli-version-info\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore 
conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/zemd/eslint-flat-config/pull/321","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/zemd%2Feslint-flat-config/issues/321","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/321/packages"},{"uuid":"4604427694","node_id":"PR_kwDOSgCO287je4R_","number":33,"state":"closed","title":"chore(deps): bump step-security/harden-runner from 2.12.0 to 2.19.4","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-08T01:25:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-06T17:10:05.000Z","updated_at":"2026-06-08T01:25:40.000Z","time_to_close":116133,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"step-security/harden-runner","old_version":"2.12.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.12.0 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect 
\u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/0634a2670c59f64b4a01f0f96f84700a4088b9f0...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner\u0026package-manager=github_actions\u0026previous-version=2.12.0\u0026new-version=2.19.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Moelgenady/DevOps-HiveBox/pull/33","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Moelgenady%2FDevOps-HiveBox/issues/33","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/33/packages"},{"uuid":"4594881493","node_id":"PR_kwDOSRkdbM7i_lat","number":31,"state":"closed","title":"Bump the dependencies group across 1 directory with 11 
updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-12T06:50:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-05T06:49:58.000Z","updated_at":"2026-06-12T06:50:17.000Z","time_to_close":604817,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dependencies","update_count":11,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"fluxcd/flux2","old_version":"2.8.6","new_version":"2.8.8","repository_url":"https://github.com/fluxcd/flux2"},{"name":"step-security/semver-utils","old_version":"4.3.2","new_version":"5.0.0","repository_url":"https://github.com/step-security/semver-utils"},{"name":"step-security/close-milestone","old_version":"2.2.1","new_version":"2.2.2","repository_url":"https://github.com/step-security/close-milestone"},{"name":"sigstore/cosign-installer","old_version":"4.1.1","new_version":"4.1.2","repository_url":"https://github.com/sigstore/cosign-installer"},{"name":"docker/login-action","old_version":"4.1.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"docker/setup-qemu-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-qemu-action"},{"name":"docker/setup-buildx-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"7.1.0","new_version":"7.2.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"securego/gosec","old_version":"2.25.0","new_version":"2.27.1","repository_url":"https://github.com/se
curego/gosec"}],"path":null,"ecosystem":"actions"},"body":"Bumps the dependencies group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.0` | `2.19.4` |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |\n| [fluxcd/flux2](https://github.com/fluxcd/flux2) | `2.8.6` | `2.8.8` |\n| [step-security/semver-utils](https://github.com/step-security/semver-utils) | `4.3.2` | `5.0.0` |\n| [step-security/close-milestone](https://github.com/step-security/close-milestone) | `2.2.1` | `2.2.2` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` |\n| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |\n| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.1.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` |\n| [securego/gosec](https://github.com/securego/gosec) | `2.25.0` | `2.27.1` |\n\n\nUpdates `step-security/harden-runner` from 2.19.0 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect 
\u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca 
href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fluxcd/flux2` from 2.8.6 to 2.8.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fluxcd/flux2/releases\"\u003efluxcd/flux2's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.8\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eFlux v2.8.8 is a patch release that includes CVE fixes via go-git v5.19.1 (source-controller, image-automation-controller), reliability fixes in helm-controller and source-controller, the move of Helm back to upstream v4.2.0, support for GCP sovereign cloud artifact registries, and dependency updates. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eℹ️ Please follow the \u003ca href=\"https://github.com/fluxcd/flux2/discussions/5572\"\u003eUpgrade Procedure for Flux v2.7+\u003c/a\u003e for a smooth upgrade from Flux v2.6 to the latest version.\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a configurable HTTP timeout for artifact fetching, preventing fetches that could block indefinitely and stall reconciliations (helm-controller)\u003c/li\u003e\n\u003cli\u003eFix unbounded memory growth caused by a Kubernetes client transport retry wrapper accumulating on every reconcile (helm-controller)\u003c/li\u003e\n\u003cli\u003eStop force-applying non-CRD objects placed under a chart's \u003ccode\u003ecrds/\u003c/code\u003e directory (helm-controller)\u003c/li\u003e\n\u003cli\u003eFix the Helm test action failing to find releases with names longer than 53 characters (helm-controller)\u003c/li\u003e\n\u003cli\u003eImprove path handling in the source reconcilers (source-controller)\u003c/li\u003e\n\u003cli\u003eSupport Helm semver build-metadata encoding in OCIRepository tags (source-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate go-git to v5.19.1 which fixes \u003ca href=\"https://github.com/advisories/GHSA-crhj-59gh-8x96\"\u003eCVE-2026-45571\u003c/a\u003e and \u003ca href=\"https://github.com/advisories/GHSA-m7cr-m3pv-hgrp\"\u003eCVE-2026-45570\u003c/a\u003e 
(source-controller, image-automation-controller)\u003c/li\u003e\n\u003cli\u003eMove Helm back to upstream v4.2.0 (source-controller, helm-controller)\u003c/li\u003e\n\u003cli\u003eAdd support for GCP sovereign cloud artifact registries (source-controller, image-reflector-controller)\u003c/li\u003e\n\u003cli\u003eUpgrade Kubernetes to 1.36.1 (source-controller, helm-controller)\u003c/li\u003e\n\u003cli\u003eUpdate fluxcd/pkg dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eComponents changelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehelm-controller \u003ca href=\"https://github.com/fluxcd/helm-controller/blob/v1.5.5/CHANGELOG.md\"\u003ev1.5.5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimage-automation-controller \u003ca href=\"https://github.com/fluxcd/image-automation-controller/blob/v1.1.4/CHANGELOG.md\"\u003ev1.1.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimage-reflector-controller \u003ca href=\"https://github.com/fluxcd/image-reflector-controller/blob/v1.1.2/CHANGELOG.md\"\u003ev1.1.2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esource-controller \u003ca href=\"https://github.com/fluxcd/source-controller/blob/v1.8.5/CHANGELOG.md\"\u003ev1.8.5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate toolkit components by \u003ca href=\"https://github.com/fluxcdbot\"\u003e\u003ccode\u003e@​fluxcdbot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fluxcd/flux2/pull/5904\"\u003efluxcd/flux2#5904\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8\"\u003ehttps://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.7\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eFlux v2.8.7 is a patch release that includes a bug fix in kustomize-controller, a CVE fix in 
source-controller and image-automation-controller via go-git v5.19.0, and dependency updates. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eℹ️ Please follow the \u003ca href=\"https://github.com/fluxcd/flux2/discussions/5572\"\u003eUpgrade Procedure for Flux v2.7+\u003c/a\u003e for a smooth upgrade from Flux v2.6 to the latest version.\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix management of objects annotated with \u003ccode\u003ekustomize.toolkit.fluxcd.io/ssa: IfNotPresent\u003c/code\u003e where non-namespaced resources were being deleted and recreated on each reconciliation (kustomize-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate go-git to v5.19.0 which fixes \u003ca href=\"https://github.com/advisories/GHSA-389r-gv7p-r3rp\"\u003eCVE-2026-45022\u003c/a\u003e (source-controller, image-automation-controller)\u003c/li\u003e\n\u003cli\u003eUpdate fluxcd/pkg dependencies (source-controller, kustomize-controller, image-automation-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eComponents changelog\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/1fd61a06264d71cf445ed55c4f14d401d26a1c64\"\u003e\u003ccode\u003e1fd61a0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5904\"\u003e#5904\u003c/a\u003e from fluxcd/update-components-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/477f048ec0c3c47ce402c5be45cb67b9b2b84386\"\u003e\u003ccode\u003e477f048\u003c/code\u003e\u003c/a\u003e Update toolkit components\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/0acfaa26c6219cb08e3add4432b981436b2a4f49\"\u003e\u003ccode\u003e0acfaa2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5899\"\u003e#5899\u003c/a\u003e from fluxcd/update-pkg-deps/release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/264957f40bef9d139323341e7466548ebba17c27\"\u003e\u003ccode\u003e264957f\u003c/code\u003e\u003c/a\u003e Update fluxcd/pkg dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/54e4ba378e155ada619caafdc599e5c4d759ce5c\"\u003e\u003ccode\u003e54e4ba3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5891\"\u003e#5891\u003c/a\u003e from fluxcd/update-components-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/d2fbb16656555a93adfb5aa0ec7ca145919acacb\"\u003e\u003ccode\u003ed2fbb16\u003c/code\u003e\u003c/a\u003e Update toolkit components\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/66533d7c9027618340b96e7a925cbef4f43f4dfc\"\u003e\u003ccode\u003e66533d7\u003c/code\u003e\u003c/a\u003e Merge pull 
request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5882\"\u003e#5882\u003c/a\u003e from fluxcd/backport-5881-to-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/7ac36233f338adf90eb7546533f87c23a32d50fc\"\u003e\u003ccode\u003e7ac3623\u003c/code\u003e\u003c/a\u003e include source-watcher in install manifests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fluxcd/flux2/compare/04acaec6161ac4fb1a82ffafa88901c03271d34f...1fd61a06264d71cf445ed55c4f14d401d26a1c64\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/semver-utils` from 4.3.2 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/semver-utils/releases\"\u003estep-security/semver-utils's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/220\"\u003estep-security/semver-utils#220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/221\"\u003estep-security/semver-utils#221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade packages to fix vulnerabilities by \u003ca href=\"https://github.com/Raj-StepSecurity\"\u003e\u003ccode\u003e@​Raj-StepSecurity\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/semver-utils/pull/222\"\u003estep-security/semver-utils#222\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/223\"\u003estep-security/semver-utils#223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/224\"\u003estep-security/semver-utils#224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Remove guarddog.yml by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/225\"\u003estep-security/semver-utils#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/227\"\u003estep-security/semver-utils#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add claude review workflow by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/228\"\u003estep-security/semver-utils#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: added banner and update subscription check to make maintained actions free for public repos by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/semver-utils/pull/226\"\u003estep-security/semver-utils#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/175\"\u003estep-security/semver-utils#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/202\"\u003estep-security/semver-utils#202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.3 to 4.35.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/218\"\u003estep-security/semver-utils#218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/dependency-review-action from 4.1.3 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/209\"\u003estep-security/semver-utils#209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Update auto cherry-pick workflow by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/230\"\u003estep-security/semver-utils#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Cherry-picked changes from upstream by \u003ca 
href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/229\"\u003estep-security/semver-utils#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/225\"\u003estep-security/semver-utils#225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/semver-utils/compare/v4...v5.0.0\"\u003ehttps://github.com/step-security/semver-utils/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/5bb182a08240146b23b61cc002cb74004377da4b\"\u003e\u003ccode\u003e5bb182a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/229\"\u003e#229\u003c/a\u003e from step-security/auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/57d3f51f108d62d579217a48d6ea0098e9a183ee\"\u003e\u003ccode\u003e57d3f51\u003c/code\u003e\u003c/a\u003e chore: Bump version in package.json and lock file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/6ac856db625c45a3598e902d3d41ff82e6c6225b\"\u003e\u003ccode\u003e6ac856d\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/semver-utils/commit/b36e30950176cfdc82294700f613aa2bcffe72f0\"\u003e\u003ccode\u003eb36e309\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/230\"\u003e#230\u003c/a\u003e from step-security/fix-auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/385280376f65b1dfeedc496f98d305d0b42ab1a0\"\u003e\u003ccode\u003e3852803\u003c/code\u003e\u003c/a\u003e fix: Update auto cherry-pick workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/dbfcfd87d115b9a32284e1b53930aae83c1820e5\"\u003e\u003ccode\u003edbfcfd8\u003c/code\u003e\u003c/a\u003e chore: Cherry-pick changes from upstream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/ecb04aec3bade353524b29c14ba3579d7c45779c\"\u003e\u003ccode\u003eecb04ae\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/ba69ca4900a31d80c7f4d9556f25e85777cbcaa7\"\u003e\u003ccode\u003eba69ca4\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/6f8e4f9839152d933a82fe6bdf6802d389b120d7\"\u003e\u003ccode\u003e6f8e4f9\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/semver-utils/commit/9e44e9ebb00a2d5a1d8ef8886eb5c2a809949843\"\u003e\u003ccode\u003e9e44e9e\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/semver-utils/compare/4ae9c1fd6d1c5f8f152fe7e2efe8069a952c2ace...5bb182a08240146b23b61cc002cb74004377da4b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/close-milestone` from 2.2.1 to 2.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/close-milestone/releases\"\u003estep-security/close-milestone's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/109\"\u003estep-security/close-milestone#109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/125\"\u003estep-security/close-milestone#125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/126\"\u003estep-security/close-milestone#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/127\"\u003estep-security/close-milestone#127\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/128\"\u003estep-security/close-milestone#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/129\"\u003estep-security/close-milestone#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/130\"\u003estep-security/close-milestone#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/131\"\u003estep-security/close-milestone#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/132\"\u003estep-security/close-milestone#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/133\"\u003estep-security/close-milestone#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/134\"\u003estep-security/close-milestone#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade packages to fix vulnerabilities by \u003ca href=\"https://github.com/Raj-StepSecurity\"\u003e\u003ccode\u003e@​Raj-StepSecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/135\"\u003estep-security/close-milestone#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/136\"\u003estep-security/close-milestone#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/137\"\u003estep-security/close-milestone#137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/138\"\u003estep-security/close-milestone#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Remove guarddog.yml by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/139\"\u003estep-security/close-milestone#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/141\"\u003estep-security/close-milestone#141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/142\"\u003estep-security/close-milestone#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: create claude_review.yml by \u003ca href=\"https://github.com/amanstep\"\u003e\u003ccode\u003e@​amanstep\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/143\"\u003estep-security/close-milestone#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: added banner and update subscription check to make maintained actions free for public repos by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/140\"\u003estep-security/close-milestone#140\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/139\"\u003estep-security/close-milestone#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amanstep\"\u003e\u003ccode\u003e@​amanstep\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/143\"\u003estep-security/close-milestone#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/close-milestone/compare/v2...v2.2.2\"\u003ehttps://github.com/step-security/close-milestone/compare/v2...v2.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/d6e3b63e31f1f869bd3d0403f8cdc1a68f59ab4a\"\u003e\u003ccode\u003ed6e3b63\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/140\"\u003e#140\u003c/a\u003e from step-security/feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/863f964626093731ac2c636fa7dc5ff3d2644274\"\u003e\u003ccode\u003e863f964\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/e1b596a61a6ecc976f5da769dd6d7fa404a0d678\"\u003e\u003ccode\u003ee1b596a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/143\"\u003e#143\u003c/a\u003e from 
step-security/amanstep-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/46baafa0c6c0df51b9d34812be4ae404ccbd2e46\"\u003e\u003ccode\u003e46baafa\u003c/code\u003e\u003c/a\u003e format: fixed formatting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/6bc6bcafec2bf2bebc8ab86081cdd0b8f2630caf\"\u003e\u003ccode\u003e6bc6bca\u003c/code\u003e\u003c/a\u003e ci: create claude_review.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/e988771562706195b18b9441460b11d785b5904d\"\u003e\u003ccode\u003ee988771\u003c/code\u003e\u003c/a\u003e chore: dist updated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/07bcad02d188d4bdc830f6403f27aa3a63d9230e\"\u003e\u003ccode\u003e07bcad0\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/bde7f30187b35ad62a306764515a07135f09a465\"\u003e\u003ccode\u003ebde7f30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/142\"\u003e#142\u003c/a\u003e from step-security/npm-audit-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/c147b794f062d8a0fa8066b154701c8dda26b2ca\"\u003e\u003ccode\u003ec147b79\u003c/code\u003e\u003c/a\u003e fix: apply audit fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/5e1530b9f64d08ab27a6804b967af5a24b50792d\"\u003e\u003ccode\u003e5e1530b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/141\"\u003e#141\u003c/a\u003e from step-security/npm-audit-fix\u003c/li\u003e\n\u003cli\u003eAdditional commits 
viewable in \u003ca href=\"https://github.com/step-security/close-milestone/compare/b097272a7aaa0f5c40dc6bc671d45d35c5e85b51...d6e3b63e31f1f869bd3d0403f8cdc1a68f59ab4a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigstore/cosign-installer` from 4.1.1 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign-installer/releases\"\u003esigstore/cosign-installer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.6 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/232\"\u003esigstore/cosign-installer#232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003e\u003ccode\u003e6f9f177\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.6 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/b5e753ae2d39589c7b38850b463739151fc67f07\"\u003e\u003ccode\u003eb5e753a\u003c/code\u003e\u003c/a\u003e Bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/230\"\u003e#230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/115e4ce455e573aa6e9ba51e8d040ddd5c1378af\"\u003e\u003ccode\u003e115e4ce\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.3.0 to 6.4.0 (\u003ca 
href=\"https://redirect.github.com/sigstore/cosign-installer/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 4.1.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca 
href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 
3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-qemu-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-qemu-action/releases\"\u003edocker/setup-qemu-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ereset\u003c/code\u003e input to uninstall current emulators by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/21\"\u003edocker/setup-qemu-action#21\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.91.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/250\"\u003edocker/setup-qemu-action#250\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/247\"\u003edocker/setup-qemu-action#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.15 in \u003ca 
href=\"https://redirect.github.com/docker/setup-qemu-action/pull/265\"\u003edocker/setup-qemu-action#265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/286\"\u003edocker/setup-qemu-action#286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/255\"\u003edocker/setup-qemu-action#255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/257\"\u003edocker/setup-qemu-action#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.15 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/254\"\u003edocker/setup-qemu-action#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/262\"\u003edocker/setup-qemu-action#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/273\"\u003edocker/setup-qemu-action#273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/285\"\u003edocker/setup-qemu-action#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/287\"\u003edocker/setup-qemu-action#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tmp from 0.2.5 to 0.2.6 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/291\"\u003edocker/setup-qemu-action#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.26.0 in \u003ca 
href=\"https://redirect.github.com/docker/setup-qemu-action/pull/251\"\u003edocker/setup-qemu-action#251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/271\"\u003edocker/setup-qemu-action#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/06116385d9baf250c9f4dcb4858b16962ea869c3\"\u003e\u003ccode\u003e0611638\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/21\"\u003e#21\u003c/a\u003e from crazy-max/uninst\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/ce59c818a5ff16552ddf7407ee7cb00bea682925\"\u003e\u003ccode\u003ece59c81\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/2ddad4401e17fa807e8a3c4bd289ccdd993f0868\"\u003e\u003ccode\u003e2ddad44\u003c/code\u003e\u003c/a\u003e uninstall current emulators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/8c37cd6f3456e1f3f3026250eac496709e9e7e10\"\u003e\u003ccode\u003e8c37cd6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/250\"\u003e#250\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/setup-qemu-action/commit/d1a0ff34af591b8e290e46f3fa114ef5bb81cd1c\"\u003e\u003ccode\u003ed1a0ff3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/0a8f3dc12541cc2c3b19c182a1a2c90a2c8b8d93\"\u003e\u003ccode\u003e0a8f3dc\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.91.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/9430f61a7691bd1bfdc4d6ba70e558659d36fa7a\"\u003e\u003ccode\u003e9430f61\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/291\"\u003e#291\u003c/a\u003e from docker/dependabot/npm_and_yarn/tmp-0.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/978bd7796cb6698377e7af6726b726e5ced642d0\"\u003e\u003ccode\u003e978bd77\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/3479febc62cc0fbcb98c7c7fc0dac778c0d79d6a\"\u003e\u003ccode\u003e3479feb\u003c/code\u003e\u003c/a\u003e build(deps): bump tmp from 0.2.5 to 0.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/b113c264143c28c2974bed61af25be32d32f4782\"\u003e\u003ccode\u003eb113c26\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/255\"\u003e#255\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/ce360397dd3f832beb865e1373c09c0e9f86d70a...06116385d9baf250c9f4dcb4858b16962ea869c3\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/489\"\u003edocker/setup-buildx-action#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/547\"\u003edocker/setup-buildx-action#547\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/508\"\u003edocker/setup-buildx-action#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/540\"\u003edocker/setup-buildx-action#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/496\"\u003edocker/setup-buildx-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/499\"\u003edocker/setup-buildx-action#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 13.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/495\"\u003edocker/setup-buildx-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca 
href=\"https://redirect.github.com/docker/setup-buildx-action/pull/504\"\u003edocker/setup-buildx-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/523\"\u003edocker/setup-buildx-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/503\"\u003edocker/setup-buildx-action#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/537\"\u003edocker/setup-buildx-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/545\"\u003edocker/setup-buildx-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/492\"\u003edocker/setup-buildx-action#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/520\"\u003edocker/setup-buildx-action#520\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003e\u003ccode\u003ed7f5e7f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/docker/setup-buildx-action/issues/489\"\u003e#489\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/92bc5c9777806d0a73d9d668ba2114fa1177f164\"\u003e\u003ccode\u003e92bc5c9\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/da11e35abee0f20cb4f1c1b7c461d37c29be52f5\"\u003e\u003ccode\u003eda11e35\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/f021e162ef95b6fba51af1c6674f537f25bce851\"\u003e\u003ccode\u003ef021e16\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/492\"\u003e#492\u003c/a\u003e from docker/dependabot/npm_and_yarn/undici-6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b5af94fab700aee0c64d6077e0e34ae987815b67\"\u003e\u003ccode\u003eb5af94f\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/16ad9776a801d0c47f0a05f007b88a3789aa8ab6\"\u003e\u003ccode\u003e16ad977\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 6.23.0 to 6.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7a12d7df895b33bd02a9b4bf62a12f2b9a24458\"\u003e\u003ccode\u003ed7a12d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/495\"\u003e#495\u003c/a\u003e from docker/dependabot/npm_and_yarn/glob-10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/setup-buildx-action/commit/28ff27de4eed7518d361591f2cd1dfb69c34a7cb\"\u003e\u003ccode\u003e28ff27d\u003c/code\u003e\u003c/a\u003e build(deps): bump glob from 10.3.12 to 13.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/daf436b50e13d9053b9730cbc16516891878b019\"\u003e\u003ccode\u003edaf436b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/496\"\u003e#496\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/9725348367859764880f2f2e688a6b0c353e3f35\"\u003e\u003ccode\u003e9725348\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 7.1.0 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca 
href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003e\u003ccode\u003ef9f3042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1517\"\u003e#1517\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-t...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/build-push-action/commit/812d5fd9212a4c5d419e5be02fd8e9bb435c5d76\"\u003e\u003ccode\u003e812d5fd\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/b6f66930769f2917a3275dc4d81f15583ac7e105\"\u003e\u003ccode\u003eb6f6693\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/c1c626eced73a500ec65c4256c620b3b9e8278c0\"\u003e\u003ccode\u003ec1c626e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1525\"\u003e#1525\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/51bb284cd4d05650aa6f5e4e22cb96d2cbfe62b7\"\u003e\u003ccode\u003e51bb284\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/5f7884def8f133e8ef40c53d003d1471c05621c6\"\u003e\u003ccode\u003e5f7884d\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/e01deff7d956c756a20f3e19ff7ddc0e4a50fc1d\"\u003e\u003ccode\u003ee01deff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1521\"\u003e#1521\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/3804d497934b39bd591ee9d1c6c9e593b4488a67\"\u003e\u003ccode\u003e3804d49\u003c/code\u003e\u003c/a\u003e chore: update generated 
content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/71e8947aac5dad23ce83a43e9c98f750e02de2f3\"\u003e\u003ccode\u003e71e8947\u003c/code\u003e\u003c/a\u003e chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/4925ad24cdbc42ff492d76cf9fe7a30b79976b60\"\u003e\u003ccode\u003e4925ad2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1526\"\u003e#1526\u003c/a\u003e from docker/dependabot/npm_and_yarn/postcss-8.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/build-push-action/compare/bcafcacb16a39f128d818304e6c9c0c18556b85f...f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `securego/gosec` from 2.25.0 to 2.27.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/securego/gosec/releases\"\u003esecurego/gosec's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.27.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889 Downgrade google lib to avoid min Go version bump (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1687\"\u003e#1687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.27.0\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e0a5c6504c46569257663726ac54c7cfdad42e846 Downgrade the jsonschema dep to v0.13.0 due to incompatibility with anthropick-sdk-go (\u003ca 
href=\"https://redirect.github.com/securego/gosec/issues/1686\"\u003e#1686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb48e668764ca9fd826a7b84c9e9194af3227fade Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1685\"\u003e#1685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebd17b2589eb634e511b352f14fc30cb40863eefe Downgrade the github.com/invopop/jsonschema v0.13.0 to solve incopatibility with anthropic-sdk (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1683\"\u003e#1683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec6f8c3d9a75d897612c7beb55007ac5f29b2e3a2 Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1682\"\u003e#1682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5676cbccda635b33fab15bb85e32b2e741c9372f Update vulnerabilities alerts for indirect dependencies\u003c/li\u003e\n\u003cli\u003ece167d4a37bc5fe3f49bb9be3209f9759b69ff6f Pin dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1681\"\u003e#1681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e74b726dfcebf218a1984a51b44fe962aecef5921 Skip pining for my repos\u003c/li\u003e\n\u003cli\u003ea68f8825bfa51b46cc517a5cd8baf4848e03a8d1 Update renovate configuration\u003c/li\u003e\n\u003cli\u003e2f8791bad7bf8f6a11f0b29e41aec54ddb9fcb0b Fix typo\u003c/li\u003e\n\u003cli\u003ead3778a7be907bf4e5cf5ed5c63333a377f3fb3b Update branch config in renovate config\u003c/li\u003e\n\u003cli\u003eb1583fe2f3ffb41074cb11996e58ca554c6c04e7 Migrate config renovate.json (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1678\"\u003e#1678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e139e33d474374c8e26a0e480f077526e131f43bb Update renovate to refresh the branch creation\u003c/li\u003e\n\u003cli\u003ef3c03ebb7f077f9b9ddfc64f710e0a2d2e92ded4 Update the renovate branch prefix\u003c/li\u003e\n\u003cli\u003e85814f2e3964a6d38aeb6e6002ac9268c16fcab5 Update renovate config to pin the actions dependencies by 
digests (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1676\"\u003e#1676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e55f051973281b15900b2b8b30aaf467a7b9127ea Migrate the html remport to react v19. (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1675\"\u003e#1675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e6ad4476d269895a4a9b77883b3e3503f7e5e4103 Manually update version to fix renovate (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1674\"\u003e#1674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e8f88312a5f80dbf04d2248d75c372d165e54e589 feat: integrate Atlas Cloud provider (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1672\"\u003e#1672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e6351b0c6fcc7d75acb230a9be7f9047aada322ae Refactor error position parsing to support path with colon. (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1673\"\u003e#1673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ede65614d10a6b84029e3e1215567b8ce7e490f23 Add two options to require rule ID and justificaiton for inline annotations (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1671\"\u003e#1671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ee354c572d957eb8bf63481cc9ba2704b58a6ae35 Fix false positive in G118 when cancel is stored in a slice/map (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1670\"\u003e#1670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4161f0b4333859990584c9fb3fd377a892eaf477 chore(go): update supported Go versions to 1.25.10 and 1.26.3 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb4f29347566880540afec8205b633d2859377cec Harden the github workflows and action (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1665\"\u003e#1665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb7aca268861108d4446959fa92d2fe808eb7aa6f Fix justification delimiter in annotation 
format doc (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1661\"\u003e#1661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e945bce72d26a794e25a122d87527d063bf887903 Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1664\"\u003e#1664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5f4eec95fa28ce5dc6cf555de8c242cb57545f01 Update action to use gosec version v2.26.1 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.26.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4a3bd8af174872c778439083ded7adbf3747e770 Update cosign to v3.0.6 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889\"\u003e\u003ccode\u003e9e6a984\u003c/code\u003e\u003c/a\u003e Downgrade google lib to avoid min Go version bump (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1687\"\u003e#1687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/0a5c6504c46569257663726ac54c7cfdad42e846\"\u003e\u003ccode\u003e0a5c650\u003c/code\u003e\u003c/a\u003e Downgrade the jsonschema dep to v0.13.0 due to incompatibility with anthropic...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/b48e668764ca9fd826a7b84c9e9194af3227fade\"\u003e\u003ccode\u003eb48e668\u003c/code\u003e\u003c/a\u003e Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1685\"\u003e#1685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/securego/gosec/commit/bd17b2589eb634e511b352f14fc30cb40863eefe\"\u003e\u003ccode\u003ebd17b25\u003c/code\u003e\u003c/a\u003e Downgrade the github.com/invopop/jsonschema v0.13.0 to solve incopatibility w...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/c6f8c3d9a75d897612c7beb55007ac5f29b2e3a2\"\u003e\u003ccode\u003ec6f8c3d\u003c/code\u003e\u003c/a\u003e Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1682\"\u003e#1682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/5676cbccda635b33fab15bb85e32b2e741c9372f\"\u003e\u003ccode\u003e5676cbc\u003c/code\u003e\u003c/a\u003e Update vulnerabilities alerts for indirect dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/ce167d4a37bc5fe3f49bb9be3209f9759b69ff6f\"\u003e\u003ccode\u003ece167d4\u003c/code\u003e\u003c/a\u003e Pin dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1681\"\u003e#1681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/74b726dfcebf218a1984a51b44fe962aecef5921\"\u003e\u003ccode\u003e74b726d\u003c/code\u003e\u003c/a\u003e Skip pining for my repos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/a68f8825bfa51b46cc517a5cd8baf4848e03a8d1\"\u003e\u003ccode\u003ea68f882\u003c/code\u003e\u003c/a\u003e Update renovate configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/2f8791bad7bf8f6a11f0b29e41aec54ddb9fcb0b\"\u003e\u003ccode\u003e2f8791b\u003c/code\u003e\u003c/a\u003e Fix typo\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/securego/gosec/compare/223e19b8856e00f02cc67804499a83f77e208f3c...9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e m...\n\n_Description has been truncated_","html_url":"https://github.com/oyakhilo20/hiero-mirror-node--020/pull/31","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/oyakhilo20%2Fhiero-mirror-node--020/issues/31","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/31/packages"},{"uuid":"4594679036","node_id":"PR_kwDOSRkwp87i-7gI","number":31,"state":"closed","title":"Bump the dependencies group across 1 directory with 11 
updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-12T06:12:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-05T06:12:00.000Z","updated_at":"2026-06-12T06:12:28.000Z","time_to_close":604826,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dependencies","update_count":11,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"fluxcd/flux2","old_version":"2.8.6","new_version":"2.8.8","repository_url":"https://github.com/fluxcd/flux2"},{"name":"step-security/semver-utils","old_version":"4.3.2","new_version":"5.0.0","repository_url":"https://github.com/step-security/semver-utils"},{"name":"step-security/close-milestone","old_version":"2.2.1","new_version":"2.2.2","repository_url":"https://github.com/step-security/close-milestone"},{"name":"sigstore/cosign-installer","old_version":"4.1.1","new_version":"4.1.2","repository_url":"https://github.com/sigstore/cosign-installer"},{"name":"docker/login-action","old_version":"4.1.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"docker/setup-qemu-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-qemu-action"},{"name":"docker/setup-buildx-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"7.1.0","new_version":"7.2.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"securego/gosec","old_version":"2.25.0","new_version":"2.27.1","repository_url":"https://github.com/se
curego/gosec"}],"path":null,"ecosystem":"actions"},"body":"Bumps the dependencies group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.0` | `2.19.4` |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |\n| [fluxcd/flux2](https://github.com/fluxcd/flux2) | `2.8.6` | `2.8.8` |\n| [step-security/semver-utils](https://github.com/step-security/semver-utils) | `4.3.2` | `5.0.0` |\n| [step-security/close-milestone](https://github.com/step-security/close-milestone) | `2.2.1` | `2.2.2` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` |\n| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |\n| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.1.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` |\n| [securego/gosec](https://github.com/securego/gosec) | `2.25.0` | `2.27.1` |\n\n\nUpdates `step-security/harden-runner` from 2.19.0 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect 
\u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca 
href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fluxcd/flux2` from 2.8.6 to 2.8.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fluxcd/flux2/releases\"\u003efluxcd/flux2's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.8\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eFlux v2.8.8 is a patch release that includes CVE fixes via go-git v5.19.1 (source-controller, image-automation-controller), reliability fixes in helm-controller and source-controller, the move of Helm back to upstream v4.2.0, support for GCP sovereign cloud artifact registries, and dependency updates. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eℹ️ Please follow the \u003ca href=\"https://github.com/fluxcd/flux2/discussions/5572\"\u003eUpgrade Procedure for Flux v2.7+\u003c/a\u003e for a smooth upgrade from Flux v2.6 to the latest version.\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a configurable HTTP timeout for artifact fetching, preventing fetches that could block indefinitely and stall reconciliations (helm-controller)\u003c/li\u003e\n\u003cli\u003eFix unbounded memory growth caused by a Kubernetes client transport retry wrapper accumulating on every reconcile (helm-controller)\u003c/li\u003e\n\u003cli\u003eStop force-applying non-CRD objects placed under a chart's \u003ccode\u003ecrds/\u003c/code\u003e directory (helm-controller)\u003c/li\u003e\n\u003cli\u003eFix the Helm test action failing to find releases with names longer than 53 characters (helm-controller)\u003c/li\u003e\n\u003cli\u003eImprove path handling in the source reconcilers (source-controller)\u003c/li\u003e\n\u003cli\u003eSupport Helm semver build-metadata encoding in OCIRepository tags (source-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate go-git to v5.19.1 which fixes \u003ca href=\"https://github.com/advisories/GHSA-crhj-59gh-8x96\"\u003eCVE-2026-45571\u003c/a\u003e and \u003ca href=\"https://github.com/advisories/GHSA-m7cr-m3pv-hgrp\"\u003eCVE-2026-45570\u003c/a\u003e 
(source-controller, image-automation-controller)\u003c/li\u003e\n\u003cli\u003eMove Helm back to upstream v4.2.0 (source-controller, helm-controller)\u003c/li\u003e\n\u003cli\u003eAdd support for GCP sovereign cloud artifact registries (source-controller, image-reflector-controller)\u003c/li\u003e\n\u003cli\u003eUpgrade Kubernetes to 1.36.1 (source-controller, helm-controller)\u003c/li\u003e\n\u003cli\u003eUpdate fluxcd/pkg dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eComponents changelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehelm-controller \u003ca href=\"https://github.com/fluxcd/helm-controller/blob/v1.5.5/CHANGELOG.md\"\u003ev1.5.5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimage-automation-controller \u003ca href=\"https://github.com/fluxcd/image-automation-controller/blob/v1.1.4/CHANGELOG.md\"\u003ev1.1.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimage-reflector-controller \u003ca href=\"https://github.com/fluxcd/image-reflector-controller/blob/v1.1.2/CHANGELOG.md\"\u003ev1.1.2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esource-controller \u003ca href=\"https://github.com/fluxcd/source-controller/blob/v1.8.5/CHANGELOG.md\"\u003ev1.8.5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate toolkit components by \u003ca href=\"https://github.com/fluxcdbot\"\u003e\u003ccode\u003e@​fluxcdbot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fluxcd/flux2/pull/5904\"\u003efluxcd/flux2#5904\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8\"\u003ehttps://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.7\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eFlux v2.8.7 is a patch release that includes a bug fix in kustomize-controller, a CVE fix in 
source-controller and image-automation-controller via go-git v5.19.0, and dependency updates. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eℹ️ Please follow the \u003ca href=\"https://github.com/fluxcd/flux2/discussions/5572\"\u003eUpgrade Procedure for Flux v2.7+\u003c/a\u003e for a smooth upgrade from Flux v2.6 to the latest version.\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix management of objects annotated with \u003ccode\u003ekustomize.toolkit.fluxcd.io/ssa: IfNotPresent\u003c/code\u003e where non-namespaced resources were being deleted and recreated on each reconciliation (kustomize-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate go-git to v5.19.0 which fixes \u003ca href=\"https://github.com/advisories/GHSA-389r-gv7p-r3rp\"\u003eCVE-2026-45022\u003c/a\u003e (source-controller, image-automation-controller)\u003c/li\u003e\n\u003cli\u003eUpdate fluxcd/pkg dependencies (source-controller, kustomize-controller, image-automation-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eComponents changelog\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/1fd61a06264d71cf445ed55c4f14d401d26a1c64\"\u003e\u003ccode\u003e1fd61a0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5904\"\u003e#5904\u003c/a\u003e from fluxcd/update-components-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/477f048ec0c3c47ce402c5be45cb67b9b2b84386\"\u003e\u003ccode\u003e477f048\u003c/code\u003e\u003c/a\u003e Update toolkit components\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/0acfaa26c6219cb08e3add4432b981436b2a4f49\"\u003e\u003ccode\u003e0acfaa2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5899\"\u003e#5899\u003c/a\u003e from fluxcd/update-pkg-deps/release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/264957f40bef9d139323341e7466548ebba17c27\"\u003e\u003ccode\u003e264957f\u003c/code\u003e\u003c/a\u003e Update fluxcd/pkg dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/54e4ba378e155ada619caafdc599e5c4d759ce5c\"\u003e\u003ccode\u003e54e4ba3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5891\"\u003e#5891\u003c/a\u003e from fluxcd/update-components-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/d2fbb16656555a93adfb5aa0ec7ca145919acacb\"\u003e\u003ccode\u003ed2fbb16\u003c/code\u003e\u003c/a\u003e Update toolkit components\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/66533d7c9027618340b96e7a925cbef4f43f4dfc\"\u003e\u003ccode\u003e66533d7\u003c/code\u003e\u003c/a\u003e Merge pull 
request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5882\"\u003e#5882\u003c/a\u003e from fluxcd/backport-5881-to-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/7ac36233f338adf90eb7546533f87c23a32d50fc\"\u003e\u003ccode\u003e7ac3623\u003c/code\u003e\u003c/a\u003e include source-watcher in install manifests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fluxcd/flux2/compare/04acaec6161ac4fb1a82ffafa88901c03271d34f...1fd61a06264d71cf445ed55c4f14d401d26a1c64\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/semver-utils` from 4.3.2 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/semver-utils/releases\"\u003estep-security/semver-utils's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/220\"\u003estep-security/semver-utils#220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/221\"\u003estep-security/semver-utils#221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade packages to fix vulnerabilities by \u003ca href=\"https://github.com/Raj-StepSecurity\"\u003e\u003ccode\u003e@​Raj-StepSecurity\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/semver-utils/pull/222\"\u003estep-security/semver-utils#222\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/223\"\u003estep-security/semver-utils#223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/224\"\u003estep-security/semver-utils#224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Remove guarddog.yml by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/225\"\u003estep-security/semver-utils#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/227\"\u003estep-security/semver-utils#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add claude review workflow by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/228\"\u003estep-security/semver-utils#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: added banner and update subscription check to make maintained actions free for public repos by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/semver-utils/pull/226\"\u003estep-security/semver-utils#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/175\"\u003estep-security/semver-utils#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/202\"\u003estep-security/semver-utils#202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.3 to 4.35.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/218\"\u003estep-security/semver-utils#218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/dependency-review-action from 4.1.3 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/209\"\u003estep-security/semver-utils#209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Update auto cherry-pick workflow by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/230\"\u003estep-security/semver-utils#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Cherry-picked changes from upstream by \u003ca 
href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/229\"\u003estep-security/semver-utils#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/225\"\u003estep-security/semver-utils#225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/semver-utils/compare/v4...v5.0.0\"\u003ehttps://github.com/step-security/semver-utils/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/5bb182a08240146b23b61cc002cb74004377da4b\"\u003e\u003ccode\u003e5bb182a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/229\"\u003e#229\u003c/a\u003e from step-security/auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/57d3f51f108d62d579217a48d6ea0098e9a183ee\"\u003e\u003ccode\u003e57d3f51\u003c/code\u003e\u003c/a\u003e chore: Bump version in package.json and lock file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/6ac856db625c45a3598e902d3d41ff82e6c6225b\"\u003e\u003ccode\u003e6ac856d\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/semver-utils/commit/b36e30950176cfdc82294700f613aa2bcffe72f0\"\u003e\u003ccode\u003eb36e309\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/230\"\u003e#230\u003c/a\u003e from step-security/fix-auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/385280376f65b1dfeedc496f98d305d0b42ab1a0\"\u003e\u003ccode\u003e3852803\u003c/code\u003e\u003c/a\u003e fix: Update auto cherry-pick workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/dbfcfd87d115b9a32284e1b53930aae83c1820e5\"\u003e\u003ccode\u003edbfcfd8\u003c/code\u003e\u003c/a\u003e chore: Cherry-pick changes from upstream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/ecb04aec3bade353524b29c14ba3579d7c45779c\"\u003e\u003ccode\u003eecb04ae\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/ba69ca4900a31d80c7f4d9556f25e85777cbcaa7\"\u003e\u003ccode\u003eba69ca4\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/6f8e4f9839152d933a82fe6bdf6802d389b120d7\"\u003e\u003ccode\u003e6f8e4f9\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/semver-utils/commit/9e44e9ebb00a2d5a1d8ef8886eb5c2a809949843\"\u003e\u003ccode\u003e9e44e9e\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/semver-utils/compare/4ae9c1fd6d1c5f8f152fe7e2efe8069a952c2ace...5bb182a08240146b23b61cc002cb74004377da4b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/close-milestone` from 2.2.1 to 2.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/close-milestone/releases\"\u003estep-security/close-milestone's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/109\"\u003estep-security/close-milestone#109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/125\"\u003estep-security/close-milestone#125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/126\"\u003estep-security/close-milestone#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/127\"\u003estep-security/close-milestone#127\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/128\"\u003estep-security/close-milestone#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/129\"\u003estep-security/close-milestone#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/130\"\u003estep-security/close-milestone#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/131\"\u003estep-security/close-milestone#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/132\"\u003estep-security/close-milestone#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/133\"\u003estep-security/close-milestone#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/134\"\u003estep-security/close-milestone#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade packages to fix vulnerabilities by \u003ca href=\"https://github.com/Raj-StepSecurity\"\u003e\u003ccode\u003e@​Raj-StepSecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/135\"\u003estep-security/close-milestone#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/136\"\u003estep-security/close-milestone#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/137\"\u003estep-security/close-milestone#137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/138\"\u003estep-security/close-milestone#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Remove guarddog.yml by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/139\"\u003estep-security/close-milestone#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/141\"\u003estep-security/close-milestone#141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/142\"\u003estep-security/close-milestone#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: create claude_review.yml by \u003ca href=\"https://github.com/amanstep\"\u003e\u003ccode\u003e@​amanstep\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/143\"\u003estep-security/close-milestone#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: added banner and update subscription check to make maintained actions free for public repos by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/140\"\u003estep-security/close-milestone#140\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/139\"\u003estep-security/close-milestone#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amanstep\"\u003e\u003ccode\u003e@​amanstep\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/143\"\u003estep-security/close-milestone#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/close-milestone/compare/v2...v2.2.2\"\u003ehttps://github.com/step-security/close-milestone/compare/v2...v2.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/d6e3b63e31f1f869bd3d0403f8cdc1a68f59ab4a\"\u003e\u003ccode\u003ed6e3b63\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/140\"\u003e#140\u003c/a\u003e from step-security/feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/863f964626093731ac2c636fa7dc5ff3d2644274\"\u003e\u003ccode\u003e863f964\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/e1b596a61a6ecc976f5da769dd6d7fa404a0d678\"\u003e\u003ccode\u003ee1b596a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/143\"\u003e#143\u003c/a\u003e from 
step-security/amanstep-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/46baafa0c6c0df51b9d34812be4ae404ccbd2e46\"\u003e\u003ccode\u003e46baafa\u003c/code\u003e\u003c/a\u003e format: fixed formatting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/6bc6bcafec2bf2bebc8ab86081cdd0b8f2630caf\"\u003e\u003ccode\u003e6bc6bca\u003c/code\u003e\u003c/a\u003e ci: create claude_review.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/e988771562706195b18b9441460b11d785b5904d\"\u003e\u003ccode\u003ee988771\u003c/code\u003e\u003c/a\u003e chore: dist updated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/07bcad02d188d4bdc830f6403f27aa3a63d9230e\"\u003e\u003ccode\u003e07bcad0\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/bde7f30187b35ad62a306764515a07135f09a465\"\u003e\u003ccode\u003ebde7f30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/142\"\u003e#142\u003c/a\u003e from step-security/npm-audit-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/c147b794f062d8a0fa8066b154701c8dda26b2ca\"\u003e\u003ccode\u003ec147b79\u003c/code\u003e\u003c/a\u003e fix: apply audit fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/5e1530b9f64d08ab27a6804b967af5a24b50792d\"\u003e\u003ccode\u003e5e1530b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/141\"\u003e#141\u003c/a\u003e from step-security/npm-audit-fix\u003c/li\u003e\n\u003cli\u003eAdditional commits 
viewable in \u003ca href=\"https://github.com/step-security/close-milestone/compare/b097272a7aaa0f5c40dc6bc671d45d35c5e85b51...d6e3b63e31f1f869bd3d0403f8cdc1a68f59ab4a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigstore/cosign-installer` from 4.1.1 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign-installer/releases\"\u003esigstore/cosign-installer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.6 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/232\"\u003esigstore/cosign-installer#232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003e\u003ccode\u003e6f9f177\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.6 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/b5e753ae2d39589c7b38850b463739151fc67f07\"\u003e\u003ccode\u003eb5e753a\u003c/code\u003e\u003c/a\u003e Bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/230\"\u003e#230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/115e4ce455e573aa6e9ba51e8d040ddd5c1378af\"\u003e\u003ccode\u003e115e4ce\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.3.0 to 6.4.0 (\u003ca 
href=\"https://redirect.github.com/sigstore/cosign-installer/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 4.1.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca 
href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 
3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-qemu-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-qemu-action/releases\"\u003edocker/setup-qemu-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ereset\u003c/code\u003e input to uninstall current emulators by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/21\"\u003edocker/setup-qemu-action#21\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.91.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/250\"\u003edocker/setup-qemu-action#250\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/247\"\u003edocker/setup-qemu-action#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.15 in \u003ca 
href=\"https://redirect.github.com/docker/setup-qemu-action/pull/265\"\u003edocker/setup-qemu-action#265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/286\"\u003edocker/setup-qemu-action#286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/255\"\u003edocker/setup-qemu-action#255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/257\"\u003edocker/setup-qemu-action#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.15 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/254\"\u003edocker/setup-qemu-action#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/262\"\u003edocker/setup-qemu-action#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/273\"\u003edocker/setup-qemu-action#273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/285\"\u003edocker/setup-qemu-action#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/287\"\u003edocker/setup-qemu-action#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tmp from 0.2.5 to 0.2.6 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/291\"\u003edocker/setup-qemu-action#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.26.0 in \u003ca 
href=\"https://redirect.github.com/docker/setup-qemu-action/pull/251\"\u003edocker/setup-qemu-action#251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/271\"\u003edocker/setup-qemu-action#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/06116385d9baf250c9f4dcb4858b16962ea869c3\"\u003e\u003ccode\u003e0611638\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/21\"\u003e#21\u003c/a\u003e from crazy-max/uninst\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/ce59c818a5ff16552ddf7407ee7cb00bea682925\"\u003e\u003ccode\u003ece59c81\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/2ddad4401e17fa807e8a3c4bd289ccdd993f0868\"\u003e\u003ccode\u003e2ddad44\u003c/code\u003e\u003c/a\u003e uninstall current emulators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/8c37cd6f3456e1f3f3026250eac496709e9e7e10\"\u003e\u003ccode\u003e8c37cd6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/250\"\u003e#250\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/setup-qemu-action/commit/d1a0ff34af591b8e290e46f3fa114ef5bb81cd1c\"\u003e\u003ccode\u003ed1a0ff3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/0a8f3dc12541cc2c3b19c182a1a2c90a2c8b8d93\"\u003e\u003ccode\u003e0a8f3dc\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.91.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/9430f61a7691bd1bfdc4d6ba70e558659d36fa7a\"\u003e\u003ccode\u003e9430f61\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/291\"\u003e#291\u003c/a\u003e from docker/dependabot/npm_and_yarn/tmp-0.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/978bd7796cb6698377e7af6726b726e5ced642d0\"\u003e\u003ccode\u003e978bd77\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/3479febc62cc0fbcb98c7c7fc0dac778c0d79d6a\"\u003e\u003ccode\u003e3479feb\u003c/code\u003e\u003c/a\u003e build(deps): bump tmp from 0.2.5 to 0.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/b113c264143c28c2974bed61af25be32d32f4782\"\u003e\u003ccode\u003eb113c26\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/255\"\u003e#255\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/ce360397dd3f832beb865e1373c09c0e9f86d70a...06116385d9baf250c9f4dcb4858b16962ea869c3\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/489\"\u003edocker/setup-buildx-action#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/547\"\u003edocker/setup-buildx-action#547\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/508\"\u003edocker/setup-buildx-action#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/540\"\u003edocker/setup-buildx-action#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/496\"\u003edocker/setup-buildx-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/499\"\u003edocker/setup-buildx-action#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 13.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/495\"\u003edocker/setup-buildx-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca 
href=\"https://redirect.github.com/docker/setup-buildx-action/pull/504\"\u003edocker/setup-buildx-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/523\"\u003edocker/setup-buildx-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/503\"\u003edocker/setup-buildx-action#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/537\"\u003edocker/setup-buildx-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/545\"\u003edocker/setup-buildx-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/492\"\u003edocker/setup-buildx-action#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/520\"\u003edocker/setup-buildx-action#520\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003e\u003ccode\u003ed7f5e7f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/docker/setup-buildx-action/issues/489\"\u003e#489\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/92bc5c9777806d0a73d9d668ba2114fa1177f164\"\u003e\u003ccode\u003e92bc5c9\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/da11e35abee0f20cb4f1c1b7c461d37c29be52f5\"\u003e\u003ccode\u003eda11e35\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/f021e162ef95b6fba51af1c6674f537f25bce851\"\u003e\u003ccode\u003ef021e16\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/492\"\u003e#492\u003c/a\u003e from docker/dependabot/npm_and_yarn/undici-6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b5af94fab700aee0c64d6077e0e34ae987815b67\"\u003e\u003ccode\u003eb5af94f\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/16ad9776a801d0c47f0a05f007b88a3789aa8ab6\"\u003e\u003ccode\u003e16ad977\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 6.23.0 to 6.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7a12d7df895b33bd02a9b4bf62a12f2b9a24458\"\u003e\u003ccode\u003ed7a12d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/495\"\u003e#495\u003c/a\u003e from docker/dependabot/npm_and_yarn/glob-10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/setup-buildx-action/commit/28ff27de4eed7518d361591f2cd1dfb69c34a7cb\"\u003e\u003ccode\u003e28ff27d\u003c/code\u003e\u003c/a\u003e build(deps): bump glob from 10.3.12 to 13.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/daf436b50e13d9053b9730cbc16516891878b019\"\u003e\u003ccode\u003edaf436b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/496\"\u003e#496\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/9725348367859764880f2f2e688a6b0c353e3f35\"\u003e\u003ccode\u003e9725348\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 7.1.0 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca 
href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003e\u003ccode\u003ef9f3042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1517\"\u003e#1517\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-t...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/build-push-action/commit/812d5fd9212a4c5d419e5be02fd8e9bb435c5d76\"\u003e\u003ccode\u003e812d5fd\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/b6f66930769f2917a3275dc4d81f15583ac7e105\"\u003e\u003ccode\u003eb6f6693\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/c1c626eced73a500ec65c4256c620b3b9e8278c0\"\u003e\u003ccode\u003ec1c626e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1525\"\u003e#1525\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/51bb284cd4d05650aa6f5e4e22cb96d2cbfe62b7\"\u003e\u003ccode\u003e51bb284\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/5f7884def8f133e8ef40c53d003d1471c05621c6\"\u003e\u003ccode\u003e5f7884d\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/e01deff7d956c756a20f3e19ff7ddc0e4a50fc1d\"\u003e\u003ccode\u003ee01deff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1521\"\u003e#1521\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/3804d497934b39bd591ee9d1c6c9e593b4488a67\"\u003e\u003ccode\u003e3804d49\u003c/code\u003e\u003c/a\u003e chore: update generated 
content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/71e8947aac5dad23ce83a43e9c98f750e02de2f3\"\u003e\u003ccode\u003e71e8947\u003c/code\u003e\u003c/a\u003e chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/4925ad24cdbc42ff492d76cf9fe7a30b79976b60\"\u003e\u003ccode\u003e4925ad2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1526\"\u003e#1526\u003c/a\u003e from docker/dependabot/npm_and_yarn/postcss-8.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/build-push-action/compare/bcafcacb16a39f128d818304e6c9c0c18556b85f...f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `securego/gosec` from 2.25.0 to 2.27.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/securego/gosec/releases\"\u003esecurego/gosec's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.27.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889 Downgrade google lib to avoid min Go version bump (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1687\"\u003e#1687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.27.0\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e0a5c6504c46569257663726ac54c7cfdad42e846 Downgrade the jsonschema dep to v0.13.0 due to incompatibility with anthropick-sdk-go (\u003ca 
href=\"https://redirect.github.com/securego/gosec/issues/1686\"\u003e#1686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb48e668764ca9fd826a7b84c9e9194af3227fade Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1685\"\u003e#1685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebd17b2589eb634e511b352f14fc30cb40863eefe Downgrade the github.com/invopop/jsonschema v0.13.0 to solve incopatibility with anthropic-sdk (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1683\"\u003e#1683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec6f8c3d9a75d897612c7beb55007ac5f29b2e3a2 Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1682\"\u003e#1682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5676cbccda635b33fab15bb85e32b2e741c9372f Update vulnerabilities alerts for indirect dependencies\u003c/li\u003e\n\u003cli\u003ece167d4a37bc5fe3f49bb9be3209f9759b69ff6f Pin dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1681\"\u003e#1681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e74b726dfcebf218a1984a51b44fe962aecef5921 Skip pining for my repos\u003c/li\u003e\n\u003cli\u003ea68f8825bfa51b46cc517a5cd8baf4848e03a8d1 Update renovate configuration\u003c/li\u003e\n\u003cli\u003e2f8791bad7bf8f6a11f0b29e41aec54ddb9fcb0b Fix typo\u003c/li\u003e\n\u003cli\u003ead3778a7be907bf4e5cf5ed5c63333a377f3fb3b Update branch config in renovate config\u003c/li\u003e\n\u003cli\u003eb1583fe2f3ffb41074cb11996e58ca554c6c04e7 Migrate config renovate.json (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1678\"\u003e#1678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e139e33d474374c8e26a0e480f077526e131f43bb Update renovate to refresh the branch creation\u003c/li\u003e\n\u003cli\u003ef3c03ebb7f077f9b9ddfc64f710e0a2d2e92ded4 Update the renovate branch prefix\u003c/li\u003e\n\u003cli\u003e85814f2e3964a6d38aeb6e6002ac9268c16fcab5 Update renovate config to pin the actions dependencies by 
digests (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1676\"\u003e#1676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e55f051973281b15900b2b8b30aaf467a7b9127ea Migrate the html remport to react v19. (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1675\"\u003e#1675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e6ad4476d269895a4a9b77883b3e3503f7e5e4103 Manually update version to fix renovate (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1674\"\u003e#1674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e8f88312a5f80dbf04d2248d75c372d165e54e589 feat: integrate Atlas Cloud provider (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1672\"\u003e#1672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e6351b0c6fcc7d75acb230a9be7f9047aada322ae Refactor error position parsing to support path with colon. (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1673\"\u003e#1673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ede65614d10a6b84029e3e1215567b8ce7e490f23 Add two options to require rule ID and justificaiton for inline annotations (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1671\"\u003e#1671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ee354c572d957eb8bf63481cc9ba2704b58a6ae35 Fix false positive in G118 when cancel is stored in a slice/map (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1670\"\u003e#1670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4161f0b4333859990584c9fb3fd377a892eaf477 chore(go): update supported Go versions to 1.25.10 and 1.26.3 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb4f29347566880540afec8205b633d2859377cec Harden the github workflows and action (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1665\"\u003e#1665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb7aca268861108d4446959fa92d2fe808eb7aa6f Fix justification delimiter in annotation 
format doc (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1661\"\u003e#1661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e945bce72d26a794e25a122d87527d063bf887903 Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1664\"\u003e#1664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5f4eec95fa28ce5dc6cf555de8c242cb57545f01 Update action to use gosec version v2.26.1 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.26.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4a3bd8af174872c778439083ded7adbf3747e770 Update cosign to v3.0.6 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889\"\u003e\u003ccode\u003e9e6a984\u003c/code\u003e\u003c/a\u003e Downgrade google lib to avoid min Go version bump (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1687\"\u003e#1687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/0a5c6504c46569257663726ac54c7cfdad42e846\"\u003e\u003ccode\u003e0a5c650\u003c/code\u003e\u003c/a\u003e Downgrade the jsonschema dep to v0.13.0 due to incompatibility with anthropic...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/b48e668764ca9fd826a7b84c9e9194af3227fade\"\u003e\u003ccode\u003eb48e668\u003c/code\u003e\u003c/a\u003e Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1685\"\u003e#1685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/securego/gosec/commit/bd17b2589eb634e511b352f14fc30cb40863eefe\"\u003e\u003ccode\u003ebd17b25\u003c/code\u003e\u003c/a\u003e Downgrade the github.com/invopop/jsonschema v0.13.0 to solve incopatibility w...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/c6f8c3d9a75d897612c7beb55007ac5f29b2e3a2\"\u003e\u003ccode\u003ec6f8c3d\u003c/code\u003e\u003c/a\u003e Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1682\"\u003e#1682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/5676cbccda635b33fab15bb85e32b2e741c9372f\"\u003e\u003ccode\u003e5676cbc\u003c/code\u003e\u003c/a\u003e Update vulnerabilities alerts for indirect dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/ce167d4a37bc5fe3f49bb9be3209f9759b69ff6f\"\u003e\u003ccode\u003ece167d4\u003c/code\u003e\u003c/a\u003e Pin dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1681\"\u003e#1681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/74b726dfcebf218a1984a51b44fe962aecef5921\"\u003e\u003ccode\u003e74b726d\u003c/code\u003e\u003c/a\u003e Skip pining for my repos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/a68f8825bfa51b46cc517a5cd8baf4848e03a8d1\"\u003e\u003ccode\u003ea68f882\u003c/code\u003e\u003c/a\u003e Update renovate configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/2f8791bad7bf8f6a11f0b29e41aec54ddb9fcb0b\"\u003e\u003ccode\u003e2f8791b\u003c/code\u003e\u003c/a\u003e Fix typo\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/securego/gosec/compare/223e19b8856e00f02cc67804499a83f77e208f3c...9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e m...\n\n_Description has been truncated_","html_url":"https://github.com/oyakhilo20/hiero-mirror-node--040/pull/31","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/oyakhilo20%2Fhiero-mirror-node--040/issues/31","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/31/packages"},{"uuid":"4587362872","node_id":"PR_kwDOL6cqfs7im1Ui","number":330,"state":"closed","title":"chore(deps): bump the github-actions group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-05T23:37:01.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-04T09:05:10.000Z","updated_at":"2026-06-05T23:37:03.000Z","time_to_close":138711,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): 
bump","group_name":"github-actions","update_count":18,"packages":[{"name":"step-security/harden-runner","old_version":"2.13.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"4.2.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"crate-ci/typos","old_version":"1.34.0","new_version":"1.47.2","repository_url":"https://github.com/crate-ci/typos"},{"name":"gitleaks/gitleaks-action","old_version":"2.3.9","new_version":"3.0.0","repository_url":"https://github.com/gitleaks/gitleaks-action"},{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"},{"name":"aquasecurity/trivy-action","old_version":"0.32.0","new_version":"0.36.0","repository_url":"https://github.com/aquasecurity/trivy-action"},{"name":"codecov/test-results-action","old_version":"1.1.1","new_version":"1.2.1","repository_url":"https://github.com/codecov/test-results-action"},{"name":"codecov/codecov-action","old_version":"5.4.3","new_version":"6.0.1","repository_url":"https://github.com/codecov/codecov-action"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"zaproxy/action-full-scan","old_version":"0.12.0","new_version":"0.13.0","repository_url":"https://github.com/zaproxy/action-full-scan"},{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"},{"name":"ossf/scorecard-action","old_version":"2.4.2","new_version":"2.4.3","repository_url":"https://github.com/ossf/scorecard-action"},{"name":"actions/download-artifact","old_version":"4.3.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"softprops/action-gh-release","old_version":"2.3.2","new_version":"3.0.0","repository_url":"https://github.com/softprops/
action-gh-release"},{"name":"actions/dependency-review-action","old_version":"4.7.1","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"dependabot/fetch-metadata","old_version":"2.4.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"madhead/semver-utils","old_version":"4.3.0","new_version":"5.0.0","repository_url":"https://github.com/madhead/semver-utils"},{"name":"actions/setup-python","old_version":"5.6.0","new_version":"6.2.0","repository_url":"https://github.com/actions/setup-python"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.0` | `2.19.4` |\n| [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.3` |\n| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.34.0` | `1.47.2` |\n| [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) | `2.3.9` | `3.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` |\n| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.32.0` | `0.36.0` |\n| [codecov/test-results-action](https://github.com/codecov/test-results-action) | `1.1.1` | `1.2.1` |\n| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.4.3` | `6.0.1` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [zaproxy/action-full-scan](https://github.com/zaproxy/action-full-scan) | `0.12.0` | `0.13.0` |\n| [actions/github-script](https://github.com/actions/github-script) | `7` | `9` |\n| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |\n| 
[softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.3.2` | `3.0.0` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.7.1` | `5.0.0` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.4.0` | `3.1.0` |\n| [madhead/semver-utils](https://github.com/madhead/semver-utils) | `4.3.0` | `5.0.0` |\n| [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.2.0` |\n\n\nUpdates `step-security/harden-runner` from 2.13.0 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. 
This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now 
blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/ec9f2d5744a09debf3a187a3f4f675c53b671911...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 4.2.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull 
Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca 
href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 
internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca 
href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `crate-ci/typos` from 1.34.0 to 1.47.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/crate-ci/typos/releases\"\u003ecrate-ci/typos's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.47.2\u003c/h2\u003e\n\u003ch2\u003e[1.47.2] - 2026-06-04\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct \u003ccode\u003einferrable\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCorrect unused \u003ccode\u003einferible\u003c/code\u003e variant\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.47.1\u003c/h2\u003e\n\u003ch2\u003e[1.47.1] - 2026-06-03\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct \u003ccode\u003erequestors\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.47.0\u003c/h2\u003e\n\u003ch2\u003e[1.47.0] - 2026-05-29\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated the dictionary with the \u003ca href=\"https://redirect.github.com/crate-ci/typos/issues/1545\"\u003eMay 2026\u003c/a\u003e changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.46.3\u003c/h2\u003e\n\u003ch2\u003e[1.46.3] - 
2026-05-23\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003esequentials\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003esubdolder\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.46.2\u003c/h2\u003e\n\u003ch2\u003e[1.46.2] - 2026-05-16\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003ecriterias\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003ereplaceables\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.46.1\u003c/h2\u003e\n\u003ch2\u003e[1.46.1] - 2026-05-08\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003econfidentials\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.46.0\u003c/h2\u003e\n\u003ch2\u003e[1.46.0] - 2026-04-30\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/crate-ci/typos/blob/master/CHANGELOG.md\"\u003ecrate-ci/typos's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChange Log\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"https://semver.org/\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e[Unreleased] - ReleaseDate\u003c/h2\u003e\n\u003ch2\u003e[1.47.2] - 2026-06-04\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct \u003ccode\u003einferrable\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCorrect unused \u003ccode\u003einferible\u003c/code\u003e variant\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.47.1] - 2026-06-03\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct \u003ccode\u003erequestors\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.47.0] - 2026-05-29\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated the dictionary with the \u003ca href=\"https://redirect.github.com/crate-ci/typos/issues/1545\"\u003eMay 2026\u003c/a\u003e changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.46.3] - 2026-05-23\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003esequentials\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003esubdolder\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.46.2] - 
2026-05-16\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003ecriterias\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003ereplaceables\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.46.1] - 2026-05-08\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003econfidentials\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.46.0] - 2026-04-30\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/37bb98842b0d8c4ffebdb75301a13db0267cef89\"\u003e\u003ccode\u003e37bb988\u003c/code\u003e\u003c/a\u003e chore: Release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/cf0d28060ca881bc27ff40b3bdbf29e6b965aec9\"\u003e\u003ccode\u003ecf0d280\u003c/code\u003e\u003c/a\u003e docs: Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/365762c5b7f8c0893e9c2cc2f28ad346d3a5d540\"\u003e\u003ccode\u003e365762c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/crate-ci/typos/issues/1569\"\u003e#1569\u003c/a\u003e from epage/infer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/ee20d2ae6a3289fd9199670a32eb0ef116f821c6\"\u003e\u003ccode\u003eee20d2a\u003c/code\u003e\u003c/a\u003e fix(dict): Allow inferrable, disallow inferible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/44e2070e6017f834bf069503acb35ca0ca0b75f2\"\u003e\u003ccode\u003e44e2070\u003c/code\u003e\u003c/a\u003e chore: Release\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/crate-ci/typos/commit/e10d108c2ad5ba9c5271cc8187b3542620754107\"\u003e\u003ccode\u003ee10d108\u003c/code\u003e\u003c/a\u003e docs: Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/06f8734ce409b4da0b249a0fb43d261e2deef073\"\u003e\u003ccode\u003e06f8734\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/crate-ci/typos/issues/1566\"\u003e#1566\u003c/a\u003e from epage/fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/a12d104c3773d39452966c248b100cd165afc6ac\"\u003e\u003ccode\u003ea12d104\u003c/code\u003e\u003c/a\u003e fix(dict): Don't correct requestors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/823a0a4672ea7c524f9a1fd99c5c5ae5b1952bf2\"\u003e\u003ccode\u003e823a0a4\u003c/code\u003e\u003c/a\u003e chore(deps): Update compatible (\u003ca href=\"https://redirect.github.com/crate-ci/typos/issues/1564\"\u003e#1564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/f8a58b6b53f2279f71eb605f03a4ae4d10608f45\"\u003e\u003ccode\u003ef8a58b6\u003c/code\u003e\u003c/a\u003e chore: Release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crate-ci/typos/compare/392b78fe18a52790c53f42456e46124f77346842...37bb98842b0d8c4ffebdb75301a13db0267cef89\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gitleaks/gitleaks-action` from 2.3.9 to 3.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gitleaks/gitleaks-action/releases\"\u003egitleaks/gitleaks-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's 
changed\u003c/h2\u003e\n\u003cp\u003egitleaks-action v3 migrates the runtime from Node 20 to Node 24. \u003cstrong\u003eNo changes to inputs, outputs, or behavior.\u003c/strong\u003e Update your workflow from \u003ccode\u003egitleaks/gitleaks-action@v2\u003c/code\u003e to \u003ccode\u003egitleaks/gitleaks-action@v3\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eMigration\u003c/h3\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# Before\n- uses: gitleaks/gitleaks-action@v2\n\n# After\n- uses: gitleaks/gitleaks-action@v3\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eWhy\u003c/h3\u003e\n\u003cp\u003eGitHub is deprecating the Node 20 runtime for Actions:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eJune 2, 2026:\u003c/strong\u003e GitHub flips the runner default to Node 24. Workflows using \u003ccode\u003egitleaks-action@v2\u003c/code\u003e (Node 20) will still run, but only if \u003ccode\u003eACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true\u003c/code\u003e is set as an environment variable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSeptember 16, 2026:\u003c/strong\u003e Node 20 is removed from GitHub-hosted runners entirely.
\u003ccode\u003egitleaks-action@v2\u003c/code\u003e stops working regardless of any opt-out flag.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eaction.yml\u003c/code\u003e: runtime \u003ccode\u003enode20\u003c/code\u003e → \u003ccode\u003enode24\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@actions/core\u003c/code\u003e: 1.10.0 → 1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edist/\u003c/code\u003e rebuilt\u003c/li\u003e\n\u003cli\u003eExample workflows updated to \u003ccode\u003eactions/checkout@v6\u003c/code\u003e and \u003ccode\u003egitleaks-action@v3\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eREADME updated with v3 migration guide\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSelf-hosted runners\u003c/h3\u003e\n\u003cp\u003eIf you use self-hosted runners, ensure your runner version is \u003ccode\u003e\u0026gt;= v2.327.1\u003c/code\u003e (required for Node 24 support).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gitleaks/gitleaks-action/commit/e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e\"\u003e\u003ccode\u003ee0c47f4\u003c/code\u003e\u003c/a\u003e chore: migrate to Node 24 runtime (v3)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gitleaks/gitleaks-action/commit/bf2dc8e55639c1e091e9b45970152e4313705814\"\u003e\u003ccode\u003ebf2dc8e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/gitleaks/gitleaks-action/issues/191\"\u003e#191\u003c/a\u003e from Olexandr88/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gitleaks/gitleaks-action/commit/b71323b056f4cc8c7f4cc7decfcc26b5e80b8e15\"\u003e\u003ccode\u003eb71323b\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/gitleaks/gitleaks-action/commit/9c66aa96d2700e2b6aa0f9f7021ae6e5cc7a4375\"\u003e\u003ccode\u003e9c66aa9\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gitleaks/gitleaks-action/commit/186c3fea8923e06a92dc3806067ad6afaf53e754\"\u003e\u003ccode\u003e186c3fe\u003c/code\u003e\u003c/a\u003e Create FUNDING.yml\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/gitleaks/gitleaks-action/compare/ff98106e4c7b2bc287b24eaf42907196329070c7...e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3 to 4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.36.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev3.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.36.2 - 04 Jun 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0ad7c1f95ec5c574792a6371d0ac313f2c260188\"\u003e\u003ccode\u003e0ad7c1f\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/25c25b5e09a2b7b21407dae4d901fa0e4778858a\"\u003e\u003ccode\u003e25c25b5\u003c/code\u003e\u003c/a\u003e Update changelog and version after v4.36.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003e\u003ccode\u003e87557b9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3940\"\u003e#3940\u003c/a\u003e from github/update-v4.36.1-2a1689ed4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/94310119648b77e2153bf970fd244062806781de\"\u003e\u003ccode\u003e9431011\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2a1689ed43ccdf7eea07e03a75371ce6801d28e6\"\u003e\u003ccode\u003e2a1689e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3939\"\u003e#3939\u003c/a\u003e from github/henrymercer/skip-overlay-revert-when-exp...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d40e417f3c43e66dec164393f3b2b94722865c6f\"\u003e\u003ccode\u003ed40e417\u003c/code\u003e\u003c/a\u003e Only do initial wait when not running tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/524532393a46071bdfc81527a811ffa69e16723a\"\u003e\u003ccode\u003e5245323\u003c/code\u003e\u003c/a\u003e Disable missing diff-ranges fallback when overlay 
enabled manually\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/948a63aed1cfd5c69e66d4c5c9b60ad2b5b23d64\"\u003e\u003ccode\u003e948a63a\u003c/code\u003e\u003c/a\u003e Add FF to force JGit-based Git backend\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/github/codeql-action/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aquasecurity/trivy-action` from 0.32.0 to 0.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy-action/releases\"\u003eaquasecurity/trivy-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.36.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(ci): update bump-trivy workflow by \u003ca href=\"https://github.com/DmitriyLewen\"\u003e\u003ccode\u003e@​DmitriyLewen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/546\"\u003eaquasecurity/trivy-action#546\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use action.yaml as single source of truth for Trivy version by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/552\"\u003eaquasecurity/trivy-action#552\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: replace peter-evans/create-pull-request with gh CLI by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/550\"\u003eaquasecurity/trivy-action#550\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: use pinned digests for trivy-db, trivy-java-db and 
trivy-checks by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/555\"\u003eaquasecurity/trivy-action#555\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add dependabot config by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/556\"\u003eaquasecurity/trivy-action#556\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add zizmor config by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/557\"\u003eaquasecurity/trivy-action#557\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the actions group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/558\"\u003eaquasecurity/trivy-action#558\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use portable shebang in entrypoint.sh by \u003ca href=\"https://github.com/Hayao0819\"\u003e\u003ccode\u003e@​Hayao0819\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/545\"\u003eaquasecurity/trivy-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by \u003ca href=\"https://github.com/patrik-csak\"\u003e\u003ccode\u003e@​patrik-csak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/547\"\u003eaquasecurity/trivy-action#547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade Trivy action version from 0.33.1 to 0.35.0 fixes \u003ca 
href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/549\"\u003e#549\u003c/a\u003e by \u003ca href=\"https://github.com/Aditya09-cse\"\u003e\u003ccode\u003e@​Aditya09-cse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/548\"\u003eaquasecurity/trivy-action#548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: use GitHub Actions as git commit author in bump-trivy workflow by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/561\"\u003eaquasecurity/trivy-action#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Update trivy to v0.70.0 by \u003ca href=\"https://github.com/Argon-DevOps-Mgt\"\u003e\u003ccode\u003e@​Argon-DevOps-Mgt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/559\"\u003eaquasecurity/trivy-action#559\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update action version to v0.36.0 in examples by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/563\"\u003eaquasecurity/trivy-action#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/558\"\u003eaquasecurity/trivy-action#558\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Hayao0819\"\u003e\u003ccode\u003e@​Hayao0819\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/545\"\u003eaquasecurity/trivy-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrik-csak\"\u003e\u003ccode\u003e@​patrik-csak\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/547\"\u003eaquasecurity/trivy-action#547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Aditya09-cse\"\u003e\u003ccode\u003e@​Aditya09-cse\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/548\"\u003eaquasecurity/trivy-action#548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Argon-DevOps-Mgt\"\u003e\u003ccode\u003e@​Argon-DevOps-Mgt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/559\"\u003eaquasecurity/trivy-action#559\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aquasecurity/trivy-action/compare/v0.35.0...v0.36.0\"\u003ehttps://github.com/aquasecurity/trivy-action/compare/v0.35.0...v0.36.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease: 0.35.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Update trivy to v0.69.3 by \u003ca href=\"https://github.com/aqua-bot\"\u003e\u003ccode\u003e@​aqua-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/519\"\u003eaquasecurity/trivy-action#519\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/aquasecurity/trivy-action/compare/0.34.2...0.35.0\"\u003ehttps://github.com/aquasecurity/trivy-action/compare/0.34.2...0.35.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease: v0.35.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is a duplicate of \u003ca href=\"https://github.com/aquasecurity/trivy-action/releases/tag/0.35.0\"\u003e0.35.0\u003c/a\u003e which was not compromised.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eAs part of our response to the recent supply chain attack, we have migrated all tags to use the \u003ccode\u003ev\u003c/code\u003e prefix (e.g., \u003ccode\u003ev0.35.0\u003c/code\u003e instead of \u003ccode\u003e0.35.0\u003c/code\u003e). Going forward, all new releases will use the \u003ccode\u003ev\u003c/code\u003e prefix convention.\u003c/p\u003e\n\u003cp\u003eWe have intentionally kept the \u003ccode\u003e0.35.0\u003c/code\u003e tag intact to avoid breaking existing workflows that depend on it.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eIf you are currently using \u003ccode\u003e0.35.0\u003c/code\u003e, your workflows are safe — no action is required.\u003c/strong\u003e\u003c/p\u003e\n\u003ch2\u003eRelease: v0.34.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aquasecurity/trivy-action/compare/v0.33.1...v0.34.0\"\u003ehttps://github.com/aquasecurity/trivy-action/compare/v0.33.1...v0.34.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease: v0.33.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate setup-trivy action to version v0.2.4 by \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/486\"\u003eaquasecurity/trivy-action#486\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: 
\u003ca href=\"https://github.com/aquasecurity/trivy-action/compare/v0.33.0...v0.33.1\"\u003ehttps://github.com/aquasecurity/trivy-action/compare/v0.33.0...v0.33.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/ed142fd0673e97e23eac54620cfb913e5ce36c25\"\u003e\u003ccode\u003eed142fd\u003c/code\u003e\u003c/a\u003e chore: update action version to v0.36.0 in examples (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/563\"\u003e#563\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/dea62cf79abc269fc35dfd161a4539f0d1f92293\"\u003e\u003ccode\u003edea62cf\u003c/code\u003e\u003c/a\u003e chore(deps): Update trivy to v0.70.0 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/559\"\u003e#559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/128d9a8815401077119ad09f6ca1892d422c387b\"\u003e\u003ccode\u003e128d9a8\u003c/code\u003e\u003c/a\u003e chore: use GitHub Actions as git commit author in bump-trivy workflow (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/876cf04c63f65e9799bcf1043b584e72469c7143\"\u003e\u003ccode\u003e876cf04\u003c/code\u003e\u003c/a\u003e Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/549\"\u003e#549\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/548\"\u003e#548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/aquasecurity/trivy-action/commit/dada78485d6b2b310d433af366da35a70cf01102\"\u003e\u003ccode\u003edada784\u003c/code\u003e\u003c/a\u003e Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/547\"\u003e#547\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/4a2deec9100bbbee6320e9a33fc9216b5e444e0b\"\u003e\u003ccode\u003e4a2deec\u003c/code\u003e\u003c/a\u003e fix: use portable shebang in entrypoint.sh (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/1994662b5555670344cd84d29ed3cad4bd26f31c\"\u003e\u003ccode\u003e1994662\u003c/code\u003e\u003c/a\u003e chore(deps): bump the actions group with 5 updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/6b36659d99b5bc1a27d44e8be2e3b007f91b033c\"\u003e\u003ccode\u003e6b36659\u003c/code\u003e\u003c/a\u003e chore: add zizmor config (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/557\"\u003e#557\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/316aa5aebe03b45a43ade3ec18d7b9c7f9ccb464\"\u003e\u003ccode\u003e316aa5a\u003c/code\u003e\u003c/a\u003e ci: add dependabot config (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/556\"\u003e#556\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/264c9c5e188ea085e7377fd77abd17bfbd4e5926\"\u003e\u003ccode\u003e264c9c5\u003c/code\u003e\u003c/a\u003e test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (\u003ca 
href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy-action/compare/dc5a429b52fcf669ce959baa2c2dd26090d2a6c4...ed142fd0673e97e23eac54620cfb913e5ce36c25\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/test-results-action` from 1.1.1 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/test-results-action/releases\"\u003ecodecov/test-results-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: deprecate this action by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/test-results-action/pull/129\"\u003ecodecov/test-results-action#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 1.2.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/test-results-action/pull/130\"\u003ecodecov/test-results-action#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/test-results-action/compare/v1.1.1...v1.2.1\"\u003ehttps://github.com/codecov/test-results-action/compare/v1.1.1...v1.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/codecov/test-results-action/commit/0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3\"\u003e\u003ccode\u003e0fa95f0\u003c/code\u003e\u003c/a\u003e chore(release): 1.2.1 (\u003ca href=\"https://redirect.github.com/codecov/test-results-action/issues/130\"\u003e#130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/test-results-action/commit/3fef12b33cff40c3ba4a721741678dd3abebcd67\"\u003e\u003ccode\u003e3fef12b\u003c/code\u003e\u003c/a\u003e fix: deprecate this action (\u003ca href=\"https://redirect.github.com/codecov/test-results-action/issues/129\"\u003e#129\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/codecov/test-results-action/compare/47f89e9acb64b76debcd5ea40642d25a4adced9f...0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 5.4.3 to 6.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent template injection in run: steps (VULN-1652) by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1947\"\u003ecodecov/codecov-action#1947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 6.0.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/codecov/codecov-action/pull/1949\"\u003ecodecov/codecov-action#1949\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ This version introduces support for node24 which may cause breaking changes for systems that do not currently support node24. ⚠️\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1929\"\u003ecodecov/codecov-action#1929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTh/6.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1928\"\u003ecodecov/codecov-action#1928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.4\u003c/h2\u003e\n\u003cp\u003eThis is a mirror of \u003ccode\u003ev5.5.2\u003c/code\u003e. 
\u003ccode\u003ev6\u003c/code\u003e will be released which requires \u003ccode\u003enode24\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1926\"\u003ecodecov/codecov-action#1926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 5.5.4 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1927\"\u003ecodecov/codecov-action#1927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.3...v5.5.4\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.3...v5.5.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/github-script from 7.0.1 to 8.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1874\"\u003ecodecov/codecov-action#1874\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): bump to 5.5.3 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1922\"\u003ecodecov/codecov-action#1922\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/codecov/codecov-action/compare/v5.5.2...v5.5.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.2...v5.5.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echeck gpg only when skip-validation = false by \u003ca href=\"https://github.com/maxweng-sentry\"\u003e\u003ccode\u003e@​maxweng-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1894\"\u003ecodecov/codecov-action#1894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: \u003ccode\u003edisable_search\u003c/code\u003e alignment by \u003ca href=\"https://github.com/freemanzMrojo\"\u003e\u003ccode\u003e@​freemanzMrojo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1881\"\u003ecodecov/codecov-action#1881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 5.5.2 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1902\"\u003ecodecov/codecov-action#1902\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/maxweng-sentry\"\u003e\u003ccode\u003e@​maxweng-sentry\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1894\"\u003ecodecov/codecov-action#1894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freemanzMrojo\"\u003e\u003ccode\u003e@​freemanzMrojo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/codecov/codecov-action/pull/1881\"\u003ecodecov/codecov-action#1881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1...v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1...v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md\"\u003ecodecov/codecov-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: overwrite pr number on fork by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1871\"\u003ecodecov/codecov-action#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1868\"\u003ecodecov/codecov-action#1868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.9 to 
3.29.11 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1867\"\u003ecodecov/codecov-action#1867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update to use local app/ dir by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1872\"\u003ecodecov/codecov-action#1872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in README by \u003ca href...\n\n_Description has been truncated_","html_url":"https://github.com/tvna/command-ghostwriter/pull/330","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tvna%2Fcommand-ghostwriter/issues/330","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/330/packages"},{"uuid":"4585782507","node_id":"PR_kwDOBpB4_s7iho-L","number":47,"state":"closed","title":"Chore: Bump step-security/harden-runner from 2.16.0 to 2.19.4","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":"2026-06-04T04:27:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-04T04:27:18.000Z","updated_at":"2026-06-04T04:28:08.000Z","time_to_close":41,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Chore: Bump","packages":[{"name":"step-security/harden-runner","old_version":"2.16.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.16.0 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca 
href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of the post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies; see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.16.0...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner\u0026package-manager=github_actions\u0026previous-version=2.16.0\u0026new-version=2.19.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/lfit/releng-docs-conf/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/lfit%2Freleng-docs-conf/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"},{"uuid":"4584887375","node_id":"PR_kwDOSQGDf87iesVW","number":233,"state":"closed","title":"chore(deps): bump the actions group with 4 updates","user":"dependabot[bot]","labels":["dependencies","github_actions","cla-signed"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-05T23:26:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-04T01:07:26.000Z","updated_at":"2026-06-05T23:27:00.000Z","time_to_close":166764,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): 
bump","group_name":"actions","update_count":4,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.3","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"github/codeql-action","old_version":"4.35.5","new_version":"4.36.1","repository_url":"https://github.com/github/codeql-action"},{"name":"changesets/action","old_version":"1.8.0","new_version":"1.9.0","repository_url":"https://github.com/changesets/action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 4 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [actions/checkout](https://github.com/actions/checkout), [github/codeql-action](https://github.com/github/codeql-action) and [changesets/action](https://github.com/changesets/action).\n\nUpdates `step-security/harden-runner` from 2.19.3 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/ab7a9404c0f3da075243ca237b5fac12c98deaa5...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca 
href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca 
href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca 
href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca 
href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw 
HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.5 to 4.36.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 
2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003e\u003ccode\u003e87557b9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3940\"\u003e#3940\u003c/a\u003e from github/update-v4.36.1-2a1689ed4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/94310119648b77e2153bf970fd244062806781de\"\u003e\u003ccode\u003e9431011\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2a1689ed43ccdf7eea07e03a75371ce6801d28e6\"\u003e\u003ccode\u003e2a1689e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3939\"\u003e#3939\u003c/a\u003e from github/henrymercer/skip-overlay-revert-when-exp...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/524532393a46071bdfc81527a811ffa69e16723a\"\u003e\u003ccode\u003e5245323\u003c/code\u003e\u003c/a\u003e Disable missing diff-ranges fallback when overlay enabled manually\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1eb1207b45130d2edf64a0aa1c93be23510592f\"\u003e\u003ccode\u003ed1eb120\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3933\"\u003e#3933\u003c/a\u003e from github/update-supported-enterprise-server-versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/115001ba8d0198846992657731666b08686c8ded\"\u003e\u003ccode\u003e115001b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/github/codeql-action/issues/3934\"\u003e#3934\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-86fb5c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/cef2e7a910879f4626a24b251504bde16bfe4e76\"\u003e\u003ccode\u003ecef2e7a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3925\"\u003e#3925\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5e6adf70ed0299cdf20f90e4e37ac5dd30ab7501\"\u003e\u003ccode\u003e5e6adf7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3936\"\u003e#3936\u003c/a\u003e from github/dependabot/npm_and_yarn/tmp-0.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ad170e6c4eaf671895978420267d6cb49b66b706\"\u003e\u003ccode\u003ead170e6\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/github_actions/dot-github/workflows/actio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6a37b3a57ac457a679b84930a67c233c15f5ac41\"\u003e\u003ccode\u003e6a37b3a\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/9e0d7b8d25671d64c341c19c0152d693099fb5ba...87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `changesets/action` from 1.8.0 to 1.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/action/releases\"\u003echangesets/action's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.9.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/636\"\u003e#636\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1\"\u003e\u003ccode\u003eb072bcc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Add a new \u003ccode\u003e@changesets/action/pr-comment\u003c/code\u003e sub-action to comment on PRs\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/625\"\u003e#625\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6\"\u003e\u003ccode\u003e8795eee\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Add a new \u003ccode\u003e@changesets/action/pr-status\u003c/code\u003e sub-action to generate the changeset status comment for PRs as an alternative to the \u003ca href=\"https://github.com/apps/changeset-bot\"\u003eChangesets Bot\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/535\"\u003e#535\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520\"\u003e\u003ccode\u003e34f64f6\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! 
- Fixed an issue with GitHub releases not being created for successfully published packages when \u003cem\u003esome\u003c/em\u003e packages failed to be published to the registry.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/632\"\u003e#632\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4\"\u003e\u003ccode\u003e1d54b9e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Simplify internal implementation to get changelog entries for a package version\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/629\"\u003e#629\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/e0c90aa7fbd0cc26931a679c5abe9bbc0deb0b50\"\u003e\u003ccode\u003ee0c90aa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Fix custom version and publish command argument parsing\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/645\"\u003e#645\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf\"\u003e\u003ccode\u003ef9585d9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Improved force-push handling when using \u003ccode\u003ecommitMode: \u0026quot;github-api\u0026quot;\u003c/code\u003e so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. 
This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/action/blob/main/CHANGELOG.md\"\u003echangesets/action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003e@​changesets/action\u003c/code\u003e\u003c/h1\u003e\n\u003ch2\u003e1.9.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/636\"\u003e#636\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1\"\u003e\u003ccode\u003eb072bcc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Add a new \u003ccode\u003e@changesets/action/pr-comment\u003c/code\u003e sub-action to comment on PRs\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/625\"\u003e#625\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6\"\u003e\u003ccode\u003e8795eee\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! 
- Add a new \u003ccode\u003e@changesets/action/pr-status\u003c/code\u003e sub-action to generate the changeset status comment for PRs as an alternative to the \u003ca href=\"https://github.com/apps/changeset-bot\"\u003eChangesets Bot\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/535\"\u003e#535\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520\"\u003e\u003ccode\u003e34f64f6\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Fixed an issue with GitHub releases not being created for successfully published packages when \u003cem\u003esome\u003c/em\u003e packages failed to be published to the registry.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/632\"\u003e#632\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4\"\u003e\u003ccode\u003e1d54b9e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Simplify internal implementation to get changelog entries for a package version\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/629\"\u003e#629\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/e0c90aa7fbd0cc26931a679c5abe9bbc0deb0b50\"\u003e\u003ccode\u003ee0c90aa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! 
- Fix custom version and publish command argument parsing\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/645\"\u003e#645\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf\"\u003e\u003ccode\u003ef9585d9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Improved force-push handling when using \u003ccode\u003ecommitMode: \u0026quot;github-api\u0026quot;\u003c/code\u003e so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/258\"\u003e#258\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d\"\u003e\u003ccode\u003ef5dbf72\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tom-sherman\"\u003e\u003ccode\u003e@​tom-sherman\u003c/code\u003e\u003c/a\u003e! - Support draft version PR modes with a new \u003ccode\u003eprDraft\u003c/code\u003e input. 
Use \u003ccode\u003ecreate\u003c/code\u003e to create new version PRs as drafts, or \u003ccode\u003ealways\u003c/code\u003e to also convert existing version PRs back to draft when updating them.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/502\"\u003e#502\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977\"\u003e\u003ccode\u003e6002dbd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/oshytiko\"\u003e\u003ccode\u003e@​oshytiko\u003c/code\u003e\u003c/a\u003e! - Fixed initial \u003ccode\u003e.changeset\u003c/code\u003e state being picked up, when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/536\"\u003e#536\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2\"\u003e\u003ccode\u003e81b3f61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/radnan\"\u003e\u003ccode\u003e@​radnan\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ccode\u003e.changeset\u003c/code\u003e state being picked for the version command when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/564\"\u003e#564\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/935fe876b0054dfc962ac86bcddf028460040d46\"\u003e\u003ccode\u003e935fe87\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! 
- Automatically use the GitHub-provided token to allow most users to avoid explicit \u003ccode\u003eGITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\u003c/code\u003e configuration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/545\"\u003e#545\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/54220dd92c06e7da112b139f95d8beb933e4cdde\"\u003e\u003ccode\u003e54220dd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ryanbas21\"\u003e\u003ccode\u003e@​ryanbas21\u003c/code\u003e\u003c/a\u003e! - The \u003ccode\u003e.npmrc\u003c/code\u003e generation now intelligently handles both traditional NPM token authentication and trusted publishing scenarios by only appending the auth token when \u003ccode\u003eNPM_TOKEN\u003c/code\u003e is defined. This prevents 'undefined' from being written to the registry configuration when using OIDC tokens from GitHub Actions trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/563\"\u003e#563\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6af4a7ec080d23ac6b304f69b67fd0aa92e089e7\"\u003e\u003ccode\u003e6af4a7e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! 
- Don't error on already committed symlinks and executables that stay untouched\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/558\"\u003e#558\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/342005d41242bccd9dd9ae8d3679efce96af48ae\"\u003e\u003ccode\u003e342005d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/harsha-venugopal-ledn\"\u003e\u003ccode\u003e@​harsha-venugopal-ledn\u003c/code\u003e\u003c/a\u003e! - Upgrade from Node.js 20 to Node.js 24 LTS\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d\"\u003e\u003ccode\u003ea45c4d5\u003c/code\u003e\u003c/a\u003e v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/b459b1eaa0a3889b4eea8af244304a64da6331ce\"\u003e\u003ccode\u003eb459b1e\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/changesets/action/issues/637\"\u003e#637\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf\"\u003e\u003ccode\u003ef9585d9\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003e@changesets/ghcommit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/changesets/action/issues/645\"\u003e#645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/020e8cc600a1e7e7b8b843654902f043f32387ea\"\u003e\u003ccode\u003e020e8cc\u003c/code\u003e\u003c/a\u003e Use internal bot for versioning 
(\u003ca href=\"https://redirect.github.com/changesets/action/issues/643\"\u003e#643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1\"\u003e\u003ccode\u003eb072bcc\u003c/code\u003e\u003c/a\u003e Add simple PR comment sub-action (\u003ca href=\"https://redirect.github.com/changesets/action/issues/636\"\u003e#636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6\"\u003e\u003ccode\u003e8795eee\u003c/code\u003e\u003c/a\u003e Comment changeset status in PRs (\u003ca href=\"https://redirect.github.com/changesets/action/issues/625\"\u003e#625\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520\"\u003e\u003ccode\u003e34f64f6\u003c/code\u003e\u003c/a\u003e Fixed an issue with GitHub releases not being created for successfully publis...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4\"\u003e\u003ccode\u003e1d54b9e\u003c/code\u003e\u003c/a\u003e Simplify getChangelogEntry (\u003ca href=\"https://redirect.github.com/changesets/action/issues/632\"\u003e#632\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/031358f743b5a6199bd7a39bdc8b469280983df9\"\u003e\u003ccode\u003e031358f\u003c/code\u003e\u003c/a\u003e Update to typescript v6 (\u003ca href=\"https://redirect.github.com/changesets/action/issues/633\"\u003e#633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/a0c05f7a4b1df776543903d7dca8e39cd787b30a\"\u003e\u003ccode\u003ea0c05f7\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​changesets/changelog-github\u003c/code\u003e from 0.5.2 to 0.7.0 (\u003ca 
href=\"https://redirect.github.com/changesets/action/issues/620\"\u003e#620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/changesets/action/compare/63a615b9cd06ba9a3e6d13796c7fbcb080a60a0b...a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- 
`@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/vex-protocol/vex-protocol/pull/233","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vex-protocol%2Fvex-protocol/issues/233","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/233/packages"},{"uuid":"4582861306","node_id":"PR_kwDOL_9g-s7iX7ml","number":213,"state":"closed","title":"Bump the action-packages group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-08T00:54:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-03T19:09:30.000Z","updated_at":"2026-06-08T00:54:02.000Z","time_to_close":366270,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"action-packages","update_count":4,"packages":[{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"step-security/harden-runner","old_version":"2.19.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"github/codeql-action","old_version":"4.35.4","new_version":"4.36.1","repository_url":"https://github.com/github/codeql-action"},{"name":"codecov/codecov-action","old_version":"6.0.0","new_version":"6.0.1","repository_url":"https://github.com/codecov/codecov-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the action-packages group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [step-security/harden-runner](https://github.com/step-security/harden-runner), [github/codeql-action](https://github.com/github/codeql-action) and 
[codecov/codecov-action](https://github.com/codecov/codecov-action).\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.2...v6.0.3\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/harden-runner` from 2.19.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.4 to 4.36.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. 
This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. 
This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003e\u003ccode\u003e87557b9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3940\"\u003e#3940\u003c/a\u003e from github/update-v4.36.1-2a1689ed4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/94310119648b77e2153bf970fd244062806781de\"\u003e\u003ccode\u003e9431011\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2a1689ed43ccdf7eea07e03a75371ce6801d28e6\"\u003e\u003ccode\u003e2a1689e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3939\"\u003e#3939\u003c/a\u003e from 
github/henrymercer/skip-overlay-revert-when-exp...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/524532393a46071bdfc81527a811ffa69e16723a\"\u003e\u003ccode\u003e5245323\u003c/code\u003e\u003c/a\u003e Disable missing diff-ranges fallback when overlay enabled manually\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1eb1207b45130d2edf64a0aa1c93be23510592f\"\u003e\u003ccode\u003ed1eb120\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3933\"\u003e#3933\u003c/a\u003e from github/update-supported-enterprise-server-versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/115001ba8d0198846992657731666b08686c8ded\"\u003e\u003ccode\u003e115001b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3934\"\u003e#3934\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-86fb5c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/cef2e7a910879f4626a24b251504bde16bfe4e76\"\u003e\u003ccode\u003ecef2e7a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3925\"\u003e#3925\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5e6adf70ed0299cdf20f90e4e37ac5dd30ab7501\"\u003e\u003ccode\u003e5e6adf7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3936\"\u003e#3936\u003c/a\u003e from github/dependabot/npm_and_yarn/tmp-0.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ad170e6c4eaf671895978420267d6cb49b66b706\"\u003e\u003ccode\u003ead170e6\u003c/code\u003e\u003c/a\u003e Merge 
branch 'main' into dependabot/github_actions/dot-github/workflows/actio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6a37b3a57ac457a679b84930a67c233c15f5ac41\"\u003e\u003ccode\u003e6a37b3a\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 6.0.0 to 6.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent template injection in run: steps (VULN-1652) by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1947\"\u003ecodecov/codecov-action#1947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 6.0.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1949\"\u003ecodecov/codecov-action#1949\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md\"\u003ecodecov/codecov-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: overwrite pr number on fork by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1871\"\u003ecodecov/codecov-action#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1868\"\u003ecodecov/codecov-action#1868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1867\"\u003ecodecov/codecov-action#1867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update to use local app/ dir by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e 
in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1872\"\u003ecodecov/codecov-action#1872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in README by \u003ca href=\"https://github.com/datalater\"\u003e\u003ccode\u003e@​datalater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1866\"\u003ecodecov/codecov-action#1866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument a \u003ccode\u003ecodecov-cli\u003c/code\u003e version reference example by \u003ca href=\"https://github.com/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1774\"\u003ecodecov/codecov-action#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1861\"\u003ecodecov/codecov-action#1861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1833\"\u003ecodecov/codecov-action#1833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: upgrade wrapper to 0.2.4 by \u003ca href=\"https://github.com/jviall\"\u003e\u003ccode\u003e@​jviall\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/codecov/codecov-action/pull/1864\"\u003ecodecov/codecov-action#1864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/github-script by Git SHA by \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1859\"\u003ecodecov/codecov-action#1859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: check reqs exist by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1835\"\u003ecodecov/codecov-action#1835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Typo in README by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1838\"\u003ecodecov/codecov-action#1838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Refine OIDC docs by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1837\"\u003ecodecov/codecov-action#1837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1829\"\u003ecodecov/codecov-action#1829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.3\u003c/h2\u003e\n\u003ch3\u003eWhat's 
Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1822\"\u003ecodecov/codecov-action#1822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: OIDC on forks by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1823\"\u003ecodecov/codecov-action#1823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/e79a6962e0d4c0c17b229090214935d2e33f8354\"\u003e\u003ccode\u003ee79a696\u003c/code\u003e\u003c/a\u003e chore(release): 6.0.1 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1949\"\u003e#1949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/51e64229ac331acb0d7f7b17c67423995f991c79\"\u003e\u003ccode\u003e51e6422\u003c/code\u003e\u003c/a\u003e fix: prevent template injection in run: steps (VULN-1652) (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1947\"\u003e#1947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/codecov/codecov-action/compare/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2...e79a6962e0d4c0c17b229090214935d2e33f8354\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/fiaisis/fia-auth/pull/213","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fiaisis%2Ffia-auth/issues/213","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/213/packages"},{"uuid":"4577467303","node_id":"PR_kwDOSB24as7iGJa1","number":11,"state":"open","title":"ci: bump the actions-minor-patch group across 1 directory with 5 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T06:26:21.000Z","updated_at":"2026-06-03T06:26:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci: bump","group_name":"actions-minor-patch","update_count":5,"packages":[{"name":"step-security/harden-runner","old_version":"2.16.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"github/codeql-action","old_version":"4.35.2","new_version":"4.36.1","repository_url":"https://github.com/github/codeql-action"},{"name":"sigstore/cosign-installer","old_version":"4.1.1","new_version":"4.1.2","repository_url":"https://github.com/sigstore/cosign-installer"},{"name":"zizmorcore/zizmor-action","old_version":"0.5.0","new_version":"0.5.6","repository_url":"https://github.com/zizmorcore/zizmor-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions-minor-patch group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.16.1` | `2.19.4` |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.2` | 
`4.36.1` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` |\n| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.0` | `0.5.6` |\n\n\nUpdates `step-security/harden-runner` from 2.16.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor 
bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. 
This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now 
blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.16.1...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca 
href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca 
href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.2 to 4.36.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. 
This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003e\u003ccode\u003e87557b9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3940\"\u003e#3940\u003c/a\u003e from github/update-v4.36.1-2a1689ed4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/94310119648b77e2153bf970fd244062806781de\"\u003e\u003ccode\u003e9431011\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2a1689ed43ccdf7eea07e03a75371ce6801d28e6\"\u003e\u003ccode\u003e2a1689e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3939\"\u003e#3939\u003c/a\u003e from 
github/henrymercer/skip-overlay-revert-when-exp...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/524532393a46071bdfc81527a811ffa69e16723a\"\u003e\u003ccode\u003e5245323\u003c/code\u003e\u003c/a\u003e Disable missing diff-ranges fallback when overlay enabled manually\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1eb1207b45130d2edf64a0aa1c93be23510592f\"\u003e\u003ccode\u003ed1eb120\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3933\"\u003e#3933\u003c/a\u003e from github/update-supported-enterprise-server-versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/115001ba8d0198846992657731666b08686c8ded\"\u003e\u003ccode\u003e115001b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3934\"\u003e#3934\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-86fb5c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/cef2e7a910879f4626a24b251504bde16bfe4e76\"\u003e\u003ccode\u003ecef2e7a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3925\"\u003e#3925\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5e6adf70ed0299cdf20f90e4e37ac5dd30ab7501\"\u003e\u003ccode\u003e5e6adf7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3936\"\u003e#3936\u003c/a\u003e from github/dependabot/npm_and_yarn/tmp-0.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ad170e6c4eaf671895978420267d6cb49b66b706\"\u003e\u003ccode\u003ead170e6\u003c/code\u003e\u003c/a\u003e Merge 
branch 'main' into dependabot/github_actions/dot-github/workflows/actio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6a37b3a57ac457a679b84930a67c233c15f5ac41\"\u003e\u003ccode\u003e6a37b3a\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigstore/cosign-installer` from 4.1.1 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign-installer/releases\"\u003esigstore/cosign-installer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.6 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/232\"\u003esigstore/cosign-installer#232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003e\u003ccode\u003e6f9f177\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.6 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/b5e753ae2d39589c7b38850b463739151fc67f07\"\u003e\u003ccode\u003eb5e753a\u003c/code\u003e\u003c/a\u003e Bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca 
href=\"https://redirect.github.com/sigstore/cosign-installer/issues/230\"\u003e#230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/115e4ce455e573aa6e9ba51e8d040ddd5c1378af\"\u003e\u003ccode\u003e115e4ce\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.3.0 to 6.4.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmorcore/zizmor-action` from 0.5.0 to 0.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor-action/releases\"\u003ezizmorcore/zizmor-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e1.25.2 is now available via the action\u003c/li\u003e\n\u003cli\u003e1.25.2 is now the default version of zizmor used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.5\u003c/h2\u003e\n\u003cp\u003eThis is a no-op release.\u003c/p\u003e\n\u003ch2\u003ev0.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e1.25.0 is now available via the action\u003c/li\u003e\n\u003cli\u003e1.25.0 is now the default version of zizmor used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e1.24.0\u003c/code\u003e and \u003ccode\u003e1.24.1\u003c/code\u003e are now available via the action\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e1.24.1\u003c/code\u003e is now the default version of zizmor 
used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.2...v0.5.3\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.2...v0.5.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor 1.23.1 is now the default used by this action.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor 1.23.0 is now the default used by this action.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5f14fd08f7cf1cb1609c1e344975f152c7ee938d\"\u003e\u003ccode\u003e5f14fd0\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/114\"\u003e#114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/a16621b09c6db4281f81a93cb393b05dcd7b7165\"\u003e\u003ccode\u003ea16621b\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca 
href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/112\"\u003e#112\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/1c03e047a3633631b1e5648c48243045b1de0d25\"\u003e\u003ccode\u003e1c03e04\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in the github-ac...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/b572f7b1a1c2d41efaab43d504f68d215c3cd727\"\u003e\u003ccode\u003eb572f7b\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/06928c5dcba418c7d6108a4bd6e2d34cbf3c9377\"\u003e\u003ccode\u003e06928c5\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/109\"\u003e#109\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5ea8b96e1078453e04a1b81443890d9e7da5ddf3\"\u003e\u003ccode\u003e5ea8b96\u003c/code\u003e\u003c/a\u003e docs: Update link to GitHub docs (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/108\"\u003e#108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/849ac260951adeb7c02481da6c7e749b39f4ea6d\"\u003e\u003ccode\u003e849ac26\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/106\"\u003e#106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/814f9778aceea8641503a8cd8f0cffebc55d790c\"\u003e\u003ccode\u003e814f977\u003c/code\u003e\u003c/a\u003e Bump pins in README 
(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/b1d7e1fb5de872772f31590499237e7cce841e8e\"\u003e\u003ccode\u003eb1d7e1f\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/a195b57475917ddcb70845e5ffe1c3a15dbbdedc\"\u003e\u003ccode\u003ea195b57\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d...5f14fd08f7cf1cb1609c1e344975f152c7ee938d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore 
conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/parley-wallet/parley-protocol-spec/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/parley-wallet%2Fparley-protocol-spec/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"},{"uuid":"4576568881","node_id":"PR_kwDOPiJIA87iDORv","number":43,"state":"open","title":"deps: Bump the actions group with 3 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T03:12:27.000Z","updated_at":"2026-06-03T03:12:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: Bump","group_name":"actions","update_count":3,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"KineticCafe/actions-dco","old_version":"3.0.0","new_version":"3.1.0","repository_url":"https://github.com/kineticcafe/actions-dco"},{"name":"zizmorcore/zizmor-action","old_version":"0.5.3","new_version":"0.5.6","repository_url":"https://github.com/zizmorcore/zizmor-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [KineticCafe/actions-dco](https://github.com/kineticcafe/actions-dco) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).\n\nUpdates `step-security/harden-runner` from 2.19.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `KineticCafe/actions-dco` from 3.0.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kineticcafe/actions-dco/releases\"\u003eKineticCafe/actions-dco's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0: Performance and Better Summaries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReshaped the sign-off summary written to the action and optionally as a commit comment. The message as added with 3.0.0 was accurate but meaningless. It has now be modified to produce meaningful summaries.\u003c/p\u003e\n\u003cp\u003eEach commit that fails (up to X commits) will be included in a DCO failure table:\u003c/p\u003e\n\u003cpre lang=\"markdown\"\u003e\u003ccode\u003e| Commit     | Subject                       | Issue                    |\r\n| ---------- | ----------------------------- | ------------------------ |\r\n| `ff882225` | deps: Bump the actions group… | No Signed-off-by trailer |\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eWhen commits are passed, skipped or exempt, they are included in a \u0026quot;pass\u0026quot; table grouped by the identity responsible that signed off:\u003c/p\u003e\n\u003cpre lang=\"markdown\"\u003e\u003ccode\u003e| Identity                | Commits                        |\r\n| ----------------------- | ------------------------------ |\r\n| dependabot[bot]         | 1 (bot, skipped)               |\r\n| Alice \u0026lt;al…@example.org\u0026gt; | 2 (signed off)                 |\r\n| Bob \u0026lt;bob@example.com\u0026gt;   | 1 (exempt domain @example.com) |\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe 
comment will be headed with a subject indicating that the check was successful or failed as a whole.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a pathological bug where parsing trailers in Lenient mode would result in quadratic time parsing. This wouldn't have been noticeable initially except for a separate bug where some experimental minimal AI assistant checking was always executed and ran trailer parsing in Lenient mode, even though the default trailer parsing rule is Strict.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWe apologize for the fault in the subtitles. Those responsible have been sacked.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eThis has been resolved by improving the parsing to operate on split graphemes, and all trailer parsing has been modified to short circuit on the block (if a trailer is not present on the first line of the block, it's not a trailer block) and the line (trailers must have \u003ccode\u003e:\u003c/code\u003e; if not present, it's not a trailer line).\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWe apologize again for the fault in the subtitles. 
Those responsible for sacking the people who have just been sacked have been sacked.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eThis results in a 4½x improvement in Strict trailer parsing and a 11x improvement in Lenient trailer parsing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded additional debug messages.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgraded to pontil 2 and \u003ccode\u003epontil_summary\u003c/code\u003e 1.1 and modified the CLI to use an improved ANSI-aware output mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Reshaped sign-off summary and performance fixes by \u003ca href=\"https://github.com/halostatue\"\u003e\u003ccode\u003e@​halostatue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/KineticCafe/actions-dco/pull/213\"\u003eKineticCafe/actions-dco#213\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/KineticCafe/actions-dco/compare/v3.0.0...v3.1.0\"\u003ehttps://github.com/KineticCafe/actions-dco/compare/v3.0.0...v3.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/KineticCafe/actions-dco/blob/main/CHANGELOG.md\"\u003eKineticCafe/actions-dco's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eKineticCafe/actions-dco Changelog\u003c/h1\u003e\n\u003ch2\u003e3.1.0 / 2026-05-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReshaped the sign-off summary written to the action and optionally as a commit\ncomment. The message as added with 3.0.0 was accurate but meaningless. 
It has\nnow be modified to produce meaningful summaries.\u003c/p\u003e\n\u003cp\u003eEach commit that fails (up to X commits) will be included in a DCO failure\ntable:\u003c/p\u003e\n\u003cpre lang=\"markdown\"\u003e\u003ccode\u003e| Commit     | Subject                       | Issue                    |\n| ---------- | ----------------------------- | ------------------------ |\n| `ff882225` | deps: Bump the actions group… | No Signed-off-by trailer |\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eWhen commits are passed, skipped or exempt, they are included in a \u0026quot;pass\u0026quot;\ntable grouped by the identity responsible that signed off:\u003c/p\u003e\n\u003cpre lang=\"markdown\"\u003e\u003ccode\u003e| Identity                | Commits                        |\n| ----------------------- | ------------------------------ |\n| dependabot[bot]         | 1 (bot, skipped)               |\n| Alice \u0026lt;al…@example.org\u0026gt; | 2 (signed off)                 |\n| Bob \u0026lt;bob@example.com\u0026gt;   | 1 (exempt domain @example.com) |\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe comment will be headed with a subject indicating that the check was\nsuccessful or failed as a whole.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a pathological bug where parsing trailers in Lenient mode would result\nin quadratic time parsing. This wouldn't have been noticeable initially except\nfor a separate bug where some experimental minimal AI assistant checking was\nalways executed and ran trailer parsing in Lenient mode, even though the\ndefault trailer parsing rule is Strict.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWe apologize for the fault in the subtitles. 
Those responsible have been\nsacked.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eThis has been resolved by improving the parsing to operate on split graphemes,\nand all trailer parsing has been modified to short circuit on the block (if a\ntrailer is not present on the first line of the block, it's not a trailer\nblock) and the line (trailers must have \u003ccode\u003e:\u003c/code\u003e; if not present, it's not a\ntrailer line).\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWe apologize again for the fault in the subtitles. Those responsible for\nsacking the people who have just been sacked have been sacked.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eThis results in a 4½x improvement in Strict trailer parsing and a 11x\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/KineticCafe/actions-dco/commit/1da04282bbf757dab7d92a5c8535dbfb8113da5c\"\u003e\u003ccode\u003e1da0428\u003c/code\u003e\u003c/a\u003e feat: Reshaped sign-off summary and performance fixes\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kineticcafe/actions-dco/compare/f7fe2fdfb5808e2528042be3919b67079100b96b...1da04282bbf757dab7d92a5c8535dbfb8113da5c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor-action/releases\"\u003ezizmorcore/zizmor-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e1.25.2 is now 
available via the action\u003c/li\u003e\n\u003cli\u003e1.25.2 is now the default version of zizmor used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.5\u003c/h2\u003e\n\u003cp\u003eThis is a no-op release.\u003c/p\u003e\n\u003ch2\u003ev0.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e1.25.0 is now available via the action\u003c/li\u003e\n\u003cli\u003e1.25.0 is now the default version of zizmor used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5f14fd08f7cf1cb1609c1e344975f152c7ee938d\"\u003e\u003ccode\u003e5f14fd0\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/114\"\u003e#114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/a16621b09c6db4281f81a93cb393b05dcd7b7165\"\u003e\u003ccode\u003ea16621b\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/112\"\u003e#112\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/1c03e047a3633631b1e5648c48243045b1de0d25\"\u003e\u003ccode\u003e1c03e04\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in the github-ac...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/b572f7b1a1c2d41efaab43d504f68d215c3cd727\"\u003e\u003ccode\u003eb572f7b\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/zizmorcore/zizmor-action/commit/06928c5dcba418c7d6108a4bd6e2d34cbf3c9377\"\u003e\u003ccode\u003e06928c5\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/109\"\u003e#109\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5ea8b96e1078453e04a1b81443890d9e7da5ddf3\"\u003e\u003ccode\u003e5ea8b96\u003c/code\u003e\u003c/a\u003e docs: Update link to GitHub docs (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/108\"\u003e#108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/849ac260951adeb7c02481da6c7e749b39f4ea6d\"\u003e\u003ccode\u003e849ac26\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/106\"\u003e#106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/814f9778aceea8641503a8cd8f0cffebc55d790c\"\u003e\u003ccode\u003e814f977\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/b1d7e1fb5de872772f31590499237e7cce841e8e...5f14fd08f7cf1cb1609c1e344975f152c7ee938d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore 
conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/halostatue/mnemonist/pull/43","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/halostatue%2Fmnemonist/issues/43","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/43/packages"},{"uuid":"4575544383","node_id":"PR_kwDOSnvzYc7h_6uD","number":7,"state":"closed","title":"chore(deps): bump step-security/harden-runner from 2.17.0 to 2.19.4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":"2026-06-04T21:28:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-02T22:57:18.000Z","updated_at":"2026-06-04T21:28:56.000Z","time_to_close":167489,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"step-security/harden-runner","old_version":"2.17.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.17.0 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's 
Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not 
do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/f808768d1510423e83855289c910610ca9b43176...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/abysslink/abysslink/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/abysslink%2Fabysslink/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4564850909","node_id":"PR_kwDODHZR0s7hc1Dt","number":414,"state":"closed","title":"build(deps): bump step-security/harden-runner from 2.19.0 to 
2.19.4","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-02T05:32:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-01T16:53:34.000Z","updated_at":"2026-06-02T05:32:58.000Z","time_to_close":45562,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"step-security/harden-runner","old_version":"2.19.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.0 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. 
The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner\u0026package-manager=github_actions\u0026previous-version=2.19.0\u0026new-version=2.19.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it 
yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/utilitywarehouse/vault-kube-cloud-credentials/pull/414","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/utilitywarehouse%2Fvault-kube-cloud-credentials/issues/414","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/414/packages"},{"uuid":"4562662089","node_id":"PR_kwDOQQqoYs7hVqgi","number":103,"state":"open","title":"chore(ci)(deps): bump step-security/harden-runner from 2.19.1 to 2.19.4","user":"dependabot[bot]","labels":["dependencies"],"assignees":["dytsou"],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T11:22:43.000Z","updated_at":"2026-06-02T01:18:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)(deps)","packages":[{"name":"step-security/harden-runner","old_version":"2.19.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.1 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr 
/\u003e\n","html_url":"https://github.com/dytsou/intern-corner-scheduler/pull/103","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dytsou%2Fintern-corner-scheduler/issues/103","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/103/packages"},{"uuid":"4560759726","node_id":"PR_kwDONuWMVs7hPgip","number":68,"state":"open","title":"deps: Bump the actions group with 7 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T06:06:58.000Z","updated_at":"2026-06-01T06:07:15.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: Bump","group_name":"actions","update_count":7,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"fish-shop/install-fish-shell","old_version":"2.1.13","new_version":"2.1.16","repository_url":"https://github.com/fish-shop/install-fish-shell"},{"name":"fish-shop/indent-check","old_version":"2.2.104","new_version":"2.2.107","repository_url":"https://github.com/fish-shop/indent-check"},{"name":"fish-shop/syntax-check","old_version":"2.2.102","new_version":"2.2.105","repository_url":"https://github.com/fish-shop/syntax-check"},{"name":"fish-shop/install-plugin","old_version":"2.3.106","new_version":"2.3.109","repository_url":"https://github.com/fish-shop/install-plugin"},{"name":"fish-shop/run-fishtape-tests","old_version":"2.3.106","new_version":"2.3.109","repository_url":"https://github.com/fish-shop/run-fishtape-tests"},{"name":"zizmorcore/zizmor-action","old_version":"0.5.3","new_version":"0.5.6","repository_url":"https://github.com/zizmorcore/zizmor-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 7 updates:\n\n| Package | From | 
To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.1` | `2.19.4` |\n| [fish-shop/install-fish-shell](https://github.com/fish-shop/install-fish-shell) | `2.1.13` | `2.1.16` |\n| [fish-shop/indent-check](https://github.com/fish-shop/indent-check) | `2.2.104` | `2.2.107` |\n| [fish-shop/syntax-check](https://github.com/fish-shop/syntax-check) | `2.2.102` | `2.2.105` |\n| [fish-shop/install-plugin](https://github.com/fish-shop/install-plugin) | `2.3.106` | `2.3.109` |\n| [fish-shop/run-fishtape-tests](https://github.com/fish-shop/run-fishtape-tests) | `2.3.106` | `2.3.109` |\n| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.3` | `0.5.6` |\n\nUpdates `step-security/harden-runner` from 2.19.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from 
step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fish-shop/install-fish-shell` from 2.1.13 to 2.1.16\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fish-shop/install-fish-shell/releases\"\u003efish-shop/install-fish-shell's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.16\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/fish-shop/install-fish-shell/pull/296\"\u003efish-shop/install-fish-shell#296\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/install-fish-shell/compare/v2.1.15...v2.1.16\"\u003ehttps://github.com/fish-shop/install-fish-shell/compare/v2.1.15...v2.1.16\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.1.15\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/install-fish-shell/pull/294\"\u003efish-shop/install-fish-shell#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/install-fish-shell/compare/v2.1.14...v2.1.15\"\u003ehttps://github.com/fish-shop/install-fish-shell/compare/v2.1.14...v2.1.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.1.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/install-fish-shell/pull/292\"\u003efish-shop/install-fish-shell#292\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/fish-shop/install-fish-shell/compare/v2.1.13...v2.1.14\"\u003ehttps://github.com/fish-shop/install-fish-shell/compare/v2.1.13...v2.1.14\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-fish-shell/commit/3d3495a8edde019283ece78087c4da133d03dd57\"\u003e\u003ccode\u003e3d3495a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/install-fish-shell/issues/296\"\u003e#296\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-fish-shell/commit/b0e7fef56698ae08767ab8ae32ce45aa145b16e4\"\u003e\u003ccode\u003eb0e7fef\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 6 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-fish-shell/commit/4e4a4a9127862ce294c435ed52429a3967df8f02\"\u003e\u003ccode\u003e4e4a4a9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/install-fish-shell/issues/294\"\u003e#294\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-fish-shell/commit/524e2bbecb7576d2063db6767e30e2fc03ace6e7\"\u003e\u003ccode\u003e524e2bb\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 6 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-fish-shell/commit/b22f7fc0d660c162ad8a282be229ac28e85c6429\"\u003e\u003ccode\u003eb22f7fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/install-fish-shell/issues/292\"\u003e#292\u003c/a\u003e from 
fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-fish-shell/commit/a000f8c44e59811ffb27c47cbf5f9788ec7b46b4\"\u003e\u003ccode\u003ea000f8c\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 6 updates\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fish-shop/install-fish-shell/compare/fe67e809bbaa60cd967a424635fd5baed7e59e63...3d3495a8edde019283ece78087c4da133d03dd57\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fish-shop/indent-check` from 2.2.104 to 2.2.107\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fish-shop/indent-check/releases\"\u003efish-shop/indent-check's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.107\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group across 1 directory with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/indent-check/pull/282\"\u003efish-shop/indent-check#282\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/indent-check/compare/v2.2.106...v2.2.107\"\u003ehttps://github.com/fish-shop/indent-check/compare/v2.2.106...v2.2.107\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.106\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group across 1 directory with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/fish-shop/indent-check/pull/279\"\u003efish-shop/indent-check#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/indent-check/compare/v2.2.105...v2.2.106\"\u003ehttps://github.com/fish-shop/indent-check/compare/v2.2.105...v2.2.106\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.105\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 7 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/indent-check/pull/276\"\u003efish-shop/indent-check#276\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/indent-check/compare/v2.2.104...v2.2.105\"\u003ehttps://github.com/fish-shop/indent-check/compare/v2.2.104...v2.2.105\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/indent-check/commit/db90fa808dfeb434620e553dec75ba0967a557e8\"\u003e\u003ccode\u003edb90fa8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/indent-check/issues/282\"\u003e#282\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/indent-check/commit/5117c891662d527bf445f5e7c2f87b8f16aaa543\"\u003e\u003ccode\u003e5117c89\u003c/code\u003e\u003c/a\u003e Bump the version-updates group across 1 directory with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/fish-shop/indent-check/commit/9d96b57c7d28b7a1a4d63a041d512040f7bb6e04\"\u003e\u003ccode\u003e9d96b57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/indent-check/issues/279\"\u003e#279\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/indent-check/commit/e73bb742870dc1d649b43aed4849b973ec4aaf74\"\u003e\u003ccode\u003ee73bb74\u003c/code\u003e\u003c/a\u003e Bump the version-updates group across 1 directory with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/indent-check/commit/de84b3764f9f8ef7bfa3aebf5e31dfd6f22df047\"\u003e\u003ccode\u003ede84b37\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/indent-check/issues/276\"\u003e#276\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/indent-check/commit/62ce8500932bec4b9ea34029a93cc3400d109973\"\u003e\u003ccode\u003e62ce850\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 7 updates\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fish-shop/indent-check/compare/40900dadd983f5747a6e5fc4d80f9e3d5ce64c6e...db90fa808dfeb434620e553dec75ba0967a557e8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fish-shop/syntax-check` from 2.2.102 to 2.2.105\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fish-shop/syntax-check/releases\"\u003efish-shop/syntax-check's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.105\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the 
version-updates group with 7 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/syntax-check/pull/368\"\u003efish-shop/syntax-check#368\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/syntax-check/compare/v2.2.104...v2.2.105\"\u003ehttps://github.com/fish-shop/syntax-check/compare/v2.2.104...v2.2.105\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.104\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 7 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/syntax-check/pull/366\"\u003efish-shop/syntax-check#366\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/syntax-check/compare/v2.2.103...v2.2.104\"\u003ehttps://github.com/fish-shop/syntax-check/compare/v2.2.103...v2.2.104\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.103\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 7 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/syntax-check/pull/364\"\u003efish-shop/syntax-check#364\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/fish-shop/syntax-check/compare/v2.2.102...v2.2.103\"\u003ehttps://github.com/fish-shop/syntax-check/compare/v2.2.102...v2.2.103\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/syntax-check/commit/f74533521a177bc1047ea185e97dce5e89a643bd\"\u003e\u003ccode\u003ef745335\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/syntax-check/issues/368\"\u003e#368\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/syntax-check/commit/4be0ed9df37f2fef999664f42a0048d88022a341\"\u003e\u003ccode\u003e4be0ed9\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 7 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/syntax-check/commit/7f201010edb63d676371cae9f5307a9cfdb84959\"\u003e\u003ccode\u003e7f20101\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/syntax-check/issues/366\"\u003e#366\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/syntax-check/commit/bd04b2f16e4fedd78bc011e8dc4e06f6695da302\"\u003e\u003ccode\u003ebd04b2f\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 7 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/syntax-check/commit/1f0feb78ecd110df86efeeff0adcfdda177ea29d\"\u003e\u003ccode\u003e1f0feb7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/syntax-check/issues/364\"\u003e#364\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/fish-shop/syntax-check/commit/32997025757f71a60459a6a5c0eeb871a48e4faf\"\u003e\u003ccode\u003e3299702\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 7 updates\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fish-shop/syntax-check/compare/7566d3ae834a316caf3adc590743ef5d90416c0a...f74533521a177bc1047ea185e97dce5e89a643bd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fish-shop/install-plugin` from 2.3.106 to 2.3.109\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fish-shop/install-plugin/releases\"\u003efish-shop/install-plugin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.109\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group across 1 directory with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/install-plugin/pull/406\"\u003efish-shop/install-plugin#406\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/install-plugin/compare/v2.3.108...v2.3.109\"\u003ehttps://github.com/fish-shop/install-plugin/compare/v2.3.108...v2.3.109\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.108\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/fish-shop/install-plugin/pull/403\"\u003efish-shop/install-plugin#403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/install-plugin/compare/v2.3.107...v2.3.108\"\u003ehttps://github.com/fish-shop/install-plugin/compare/v2.3.107...v2.3.108\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.107\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/install-plugin/pull/401\"\u003efish-shop/install-plugin#401\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/install-plugin/compare/v2.3.106...v2.3.107\"\u003ehttps://github.com/fish-shop/install-plugin/compare/v2.3.106...v2.3.107\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-plugin/commit/806063062927836938c02961c86c4aef0c760f3d\"\u003e\u003ccode\u003e8060630\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/install-plugin/issues/406\"\u003e#406\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-plugin/commit/d75e42eb078e5d520678e5443c7b24c308758d79\"\u003e\u003ccode\u003ed75e42e\u003c/code\u003e\u003c/a\u003e Bump the version-updates group across 1 directory with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/fish-shop/install-plugin/commit/5c794185a83e048dd1d74684fecf8ce200a29a3f\"\u003e\u003ccode\u003e5c79418\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/install-plugin/issues/403\"\u003e#403\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-plugin/commit/b7cc81b52ac8461d508e957427f935162f218790\"\u003e\u003ccode\u003eb7cc81b\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-plugin/commit/9c9cb0c0cb18c67f701769267cea6c81e820affe\"\u003e\u003ccode\u003e9c9cb0c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/install-plugin/issues/401\"\u003e#401\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-plugin/commit/199d11f0f49e61e1cc6589cd9bcb5d912e6eeeb4\"\u003e\u003ccode\u003e199d11f\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 8 updates\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fish-shop/install-plugin/compare/54ee6568771da6525643d7f97d371a1b117a0aff...806063062927836938c02961c86c4aef0c760f3d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fish-shop/run-fishtape-tests` from 2.3.106 to 2.3.109\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/releases\"\u003efish-shop/run-fishtape-tests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.109\u003c/h2\u003e\n\u003ch2\u003eWhat's 
Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/run-fishtape-tests/pull/393\"\u003efish-shop/run-fishtape-tests#393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/compare/v2.3.108...v2.3.109\"\u003ehttps://github.com/fish-shop/run-fishtape-tests/compare/v2.3.108...v2.3.109\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.108\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/run-fishtape-tests/pull/391\"\u003efish-shop/run-fishtape-tests#391\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/compare/v2.3.107...v2.3.108\"\u003ehttps://github.com/fish-shop/run-fishtape-tests/compare/v2.3.107...v2.3.108\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.107\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/run-fishtape-tests/pull/389\"\u003efish-shop/run-fishtape-tests#389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/fish-shop/run-fishtape-tests/compare/v2.3.106...v2.3.107\"\u003ehttps://github.com/fish-shop/run-fishtape-tests/compare/v2.3.106...v2.3.107\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/commit/c23b1de96c5ad65f8601d4030f8d2b2200e23a5d\"\u003e\u003ccode\u003ec23b1de\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/run-fishtape-tests/issues/393\"\u003e#393\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/commit/5a5f7319fa769dde2e1cda2096272192fbf646da\"\u003e\u003ccode\u003e5a5f731\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/commit/1cd6303541c19d718f018a24a5e3556066d724c2\"\u003e\u003ccode\u003e1cd6303\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/run-fishtape-tests/issues/391\"\u003e#391\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/commit/4cce70e945c12b1e07e7d1dca88104bae860e9ec\"\u003e\u003ccode\u003e4cce70e\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/commit/ec22fd53fe78bebf76d10f107a96789c08dcdda8\"\u003e\u003ccode\u003eec22fd5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/run-fishtape-tests/issues/389\"\u003e#389\u003c/a\u003e from 
fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/commit/7f5d343d678674fe4557d216291b3bc3f596535a\"\u003e\u003ccode\u003e7f5d343\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 8 updates\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/compare/b8a56010ff103dd7ebe8e068bae0a7e70c1c3ad8...c23b1de96c5ad65f8601d4030f8d2b2200e23a5d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor-action/releases\"\u003ezizmorcore/zizmor-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e1.25.2 is now available via the action\u003c/li\u003e\n\u003cli\u003e1.25.2 is now the default version of zizmor used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.5\u003c/h2\u003e\n\u003cp\u003eThis is a no-op release.\u003c/p\u003e\n\u003ch2\u003ev0.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e1.25.0 is now available via the action\u003c/li\u003e\n\u003cli\u003e1.25.0 is now the default version of zizmor used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5f14fd08f7cf1cb1609c1e344975f152c7ee938d\"\u003e\u003ccode\u003e5f14fd0\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/114\"\u003e#114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/zizmorcore/zizmor-action/commit/a16621b09c6db4281f81a93cb393b05dcd7b7165\"\u003e\u003ccode\u003ea16621b\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/112\"\u003e#112\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/1c03e047a3633631b1e5648c48243045b1de0d25\"\u003e\u003ccode\u003e1c03e04\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in the github-ac...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/b572f7b1a1c2d41efaab43d504f68d215c3cd727\"\u003e\u003ccode\u003eb572f7b\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/06928c5dcba418c7d6108a4bd6e2d34cbf3c9377\"\u003e\u003ccode\u003e06928c5\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/109\"\u003e#109\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5ea8b96e1078453e04a1b81443890d9e7da5ddf3\"\u003e\u003ccode\u003e5ea8b96\u003c/code\u003e\u003c/a\u003e docs: Update link to GitHub docs (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/108\"\u003e#108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/849ac260951adeb7c02481da6c7e749b39f4ea6d\"\u003e\u003ccode\u003e849ac26\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca 
href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/106\"\u003e#106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/814f9778aceea8641503a8cd8f0cffebc55d790c\"\u003e\u003ccode\u003e814f977\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/b1d7e1fb5de872772f31590499237e7cce841e8e...5f14fd08f7cf1cb1609c1e344975f152c7ee938d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore 
\u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/halostatue/fish-chezmoi/pull/68","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/halostatue%2Ffish-chezmoi/issues/68","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/68/packages"},{"uuid":"4560110618","node_id":"PR_kwDOIOaZzs7hNZdT","number":292,"state":"open","title":"chore(deps): bump the github-actions group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T03:34:36.000Z","updated_at":"2026-06-01T03:34:39.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): 
bump","group_name":"github-actions","update_count":5,"packages":[{"name":"step-security/harden-runner","old_version":"2.14.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/setup-node","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"changesets/action","old_version":"1.7.0","new_version":"1.8.0","repository_url":"https://github.com/changesets/action"},{"name":"github/codeql-action","old_version":"4.32.4","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.1` | `2.19.4` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |\n| [changesets/action](https://github.com/changesets/action) | `1.7.0` | `1.8.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.4` | `4.36.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n\n\nUpdates `step-security/harden-runner` from 2.14.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull 
Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will 
detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies; see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/e3f713f2d8f53843e71c69a996d56f51aa9adfb9...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca 
href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade 
\u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `changesets/action` from 1.7.0 to 1.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/action/releases\"\u003echangesets/action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/258\"\u003e#258\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d\"\u003e\u003ccode\u003ef5dbf72\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tom-sherman\"\u003e\u003ccode\u003e@​tom-sherman\u003c/code\u003e\u003c/a\u003e! - Support draft version PR modes with a new \u003ccode\u003eprDraft\u003c/code\u003e input. 
Use \u003ccode\u003ecreate\u003c/code\u003e to create new version PRs as drafts, or \u003ccode\u003ealways\u003c/code\u003e to also convert existing version PRs back to draft when updating them.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/502\"\u003e#502\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977\"\u003e\u003ccode\u003e6002dbd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/oshytiko\"\u003e\u003ccode\u003e@​oshytiko\u003c/code\u003e\u003c/a\u003e! - Fixed initial \u003ccode\u003e.changeset\u003c/code\u003e state being picked up, when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/536\"\u003e#536\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2\"\u003e\u003ccode\u003e81b3f61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/radnan\"\u003e\u003ccode\u003e@​radnan\u003c/code\u003e\u003c/a\u003e! 
- Fixed \u003ccode\u003e.changeset\u003c/code\u003e state being picked for the version command when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/action/blob/main/CHANGELOG.md\"\u003echangesets/action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003e@​changesets/action\u003c/code\u003e\u003c/h1\u003e\n\u003ch2\u003e1.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/258\"\u003e#258\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d\"\u003e\u003ccode\u003ef5dbf72\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tom-sherman\"\u003e\u003ccode\u003e@​tom-sherman\u003c/code\u003e\u003c/a\u003e! - Support draft version PR modes with a new \u003ccode\u003eprDraft\u003c/code\u003e input. Use \u003ccode\u003ecreate\u003c/code\u003e to create new version PRs as drafts, or \u003ccode\u003ealways\u003c/code\u003e to also convert existing version PRs back to draft when updating them.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/502\"\u003e#502\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977\"\u003e\u003ccode\u003e6002dbd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/oshytiko\"\u003e\u003ccode\u003e@​oshytiko\u003c/code\u003e\u003c/a\u003e! 
- Fixed initial \u003ccode\u003e.changeset\u003c/code\u003e state being picked up, when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/536\"\u003e#536\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2\"\u003e\u003ccode\u003e81b3f61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/radnan\"\u003e\u003ccode\u003e@​radnan\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ccode\u003e.changeset\u003c/code\u003e state being picked for the version command when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/564\"\u003e#564\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/935fe876b0054dfc962ac86bcddf028460040d46\"\u003e\u003ccode\u003e935fe87\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Automatically use the GitHub-provided token to allow most users to avoid explicit \u003ccode\u003eGITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\u003c/code\u003e configuration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/545\"\u003e#545\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/54220dd92c06e7da112b139f95d8beb933e4cdde\"\u003e\u003ccode\u003e54220dd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ryanbas21\"\u003e\u003ccode\u003e@​ryanbas21\u003c/code\u003e\u003c/a\u003e! 
- The \u003ccode\u003e.npmrc\u003c/code\u003e generation now intelligently handles both traditional NPM token authentication and trusted publishing scenarios by only appending the auth token when \u003ccode\u003eNPM_TOKEN\u003c/code\u003e is defined. This prevents 'undefined' from being written to the registry configuration when using OIDC tokens from GitHub Actions trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/563\"\u003e#563\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6af4a7ec080d23ac6b304f69b67fd0aa92e089e7\"\u003e\u003ccode\u003e6af4a7e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Don't error on already committed symlinks and executables that stay untouched\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/558\"\u003e#558\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/342005d41242bccd9dd9ae8d3679efce96af48ae\"\u003e\u003ccode\u003e342005d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/harsha-venugopal-ledn\"\u003e\u003ccode\u003e@​harsha-venugopal-ledn\u003c/code\u003e\u003c/a\u003e! 
- Upgrade from Node.js 20 to Node.js 24 LTS\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.5.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/477\"\u003e#477\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/9d933dcd11c284ac49a835db884c3c1008b2b96f\"\u003e\u003ccode\u003e9d933dc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Updated \u003ccode\u003e@actions/*\u003c/code\u003e and \u003ccode\u003e@octokit/*\u003c/code\u003e dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/479\"\u003e#479\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/cf373e45c90a0cc564cd2770de3e9a3a4cdd4603\"\u003e\u003ccode\u003ecf373e4\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Switched to \u003ccode\u003eesbuild\u003c/code\u003e for bundling the dist file. This led to 45% file size reduction.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/488\"\u003e#488\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/022692ba027b33bf46d4d41907a317fbf04461a7\"\u003e\u003ccode\u003e022692b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/s0\"\u003e\u003ccode\u003e@​s0\u003c/code\u003e\u003c/a\u003e! - Fix PRs sometimes not getting reopened with \u003ccode\u003ecommitMode: github-api\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eThere was a race-condition that means sometimes existing PRs would not be found,\nand new PRs would be opened. 
This has now been fixed by fetching existing PRs\nbefore making any changes.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/486\"\u003e#486\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/7ed195554624ebd75c08aa477b53110f61cc78f7\"\u003e\u003ccode\u003e7ed1955\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/s0\"\u003e\u003ccode\u003e@​s0\u003c/code\u003e\u003c/a\u003e! - Fixed situations in which \u003ccode\u003ecwd\u003c/code\u003e was specified as a relative path and used with (default) \u003ccode\u003ecommitMode: git-cli\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/461\"\u003e#461\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/e9c36b696406360bf04204ad32e3dcf3ad752b77\"\u003e\u003ccode\u003ee9c36b6\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/nayounsang\"\u003e\u003ccode\u003e@​nayounsang\u003c/code\u003e\u003c/a\u003e! - Avoid hitting a deprecation warning when encountering errors from \u003ccode\u003e@octokit/request-error\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/63a615b9cd06ba9a3e6d13796c7fbcb080a60a0b\"\u003e\u003ccode\u003e63a615b\u003c/code\u003e\u003c/a\u003e v1.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/84c24326acc93f51d3f24f30a546316c82e2115c\"\u003e\u003ccode\u003e84c2432\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/changesets/action/issues/598\"\u003e#598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d\"\u003e\u003ccode\u003ef5dbf72\u003c/code\u003e\u003c/a\u003e Add draft mode support (\u003ca href=\"https://redirect.github.com/changesets/action/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/91b911142e975cceaa134eecb302493230d68c05\"\u003e\u003ccode\u003e91b9111\u003c/code\u003e\u003c/a\u003e Protect publishes with env gate (\u003ca href=\"https://redirect.github.com/changesets/action/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/d4c53c294341eec8a419ec2d1927138bfdeec234\"\u003e\u003ccode\u003ed4c53c2\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eCODEOWNERS\u003c/code\u003e pattern\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/2ae596f3dd74aaee4f346b31fda33a58528d3d40\"\u003e\u003ccode\u003e2ae596f\u003c/code\u003e\u003c/a\u003e Tweak CI setup (\u003ca href=\"https://redirect.github.com/changesets/action/issues/599\"\u003e#599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/changesets/action/commit/0784b0ec8fcaa273fc06742c926ee7cfc946a8e7\"\u003e\u003ccode\u003e0784b0e\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eCODEOWNERS\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2\"\u003e\u003ccode\u003e81b3f61\u003c/code\u003e\u003c/a\u003e Fixed \u003ccode\u003e.changeset\u003c/code\u003e state being picked for the version command when \u003ccode\u003ecwd\u003c/code\u003e para...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977\"\u003e\u003ccode\u003e6002dbd\u003c/code\u003e\u003c/a\u003e Fix reading \u003ccode\u003e.changeset\u003c/code\u003e directory from path provided in \u003ccode\u003ecwd\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/changesets/action/issues/502\"\u003e#502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/changesets/action/compare/6a0a831ff30acef54f2c6aa1cbbc1096b066edaf...63a615b9cd06ba9a3e6d13796c7fbcb080a60a0b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.4 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. 
Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to 
codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/89a39a4e59826350b863aa6b6252a07ad50cf83e...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from 
actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore 
conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/OpenAlly/npm-packages/pull/292","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenAlly%2Fnpm-packages/issues/292","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/292/packages"},{"uuid":"4559969753","node_id":"PR_kwDOSOOods7hM8yw","number":27,"state":"closed","title":"Bump the dependencies group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-08T01:30:58.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-01T02:53:06.000Z","updated_at":"2026-06-08T01:30:59.000Z","time_to_close":599872,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dependencies","update_count":10,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"fluxcd/flux2","old_version":"2.8.6","new_version":"2.8.8","repository_url":"https://github.com/fluxcd/flux2"},{"name":"step-security/semver-utils","old_version":"4.3.2","new_version":"5.0.0","repository_url":"https://github.com/step-security/semver-utils"},{"name":"step-security/close-milestone","old_version":"2.2.1","new_version":"2.2.2","repository_url":"https://github.com/step-security/close-milestone"},{"name":"sigstore/cosign-installer","old_version":"4.1.1","new_version":"4.1.2","repository_url":"https://github.com/sigstore/cosign-installer"},{"name":"docker/login-action","old_version":"4.1.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"docker/setup-qemu-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-qemu-action"},{"name":"docker/setup-buildx-action","old_version":"4.0.0","new_version":"4.1.0","repository_url"
:"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"7.1.0","new_version":"7.2.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"securego/gosec","old_version":"2.25.0","new_version":"2.26.1","repository_url":"https://github.com/securego/gosec"}],"path":null,"ecosystem":"actions"},"body":"Bumps the dependencies group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.0` | `2.19.4` |\n| [fluxcd/flux2](https://github.com/fluxcd/flux2) | `2.8.6` | `2.8.8` |\n| [step-security/semver-utils](https://github.com/step-security/semver-utils) | `4.3.2` | `5.0.0` |\n| [step-security/close-milestone](https://github.com/step-security/close-milestone) | `2.2.1` | `2.2.2` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` |\n| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |\n| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.1.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` |\n| [securego/gosec](https://github.com/securego/gosec) | `2.25.0` | `2.26.1` |\n\n\nUpdates `step-security/harden-runner` from 2.19.0 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden 
Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the 
fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of the post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot; Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies; see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fluxcd/flux2` from 2.8.6 to 2.8.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fluxcd/flux2/releases\"\u003efluxcd/flux2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.8\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eFlux v2.8.8 is a patch release that includes CVE fixes via go-git v5.19.1 (source-controller, image-automation-controller), reliability fixes in helm-controller and source-controller, the move of Helm back to upstream v4.2.0, support for GCP sovereign cloud artifact registries, and dependency updates. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eℹ️ Please follow the \u003ca href=\"https://github.com/fluxcd/flux2/discussions/5572\"\u003eUpgrade Procedure for Flux v2.7+\u003c/a\u003e for a smooth upgrade from Flux v2.6 to the latest version.\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a configurable HTTP timeout for artifact fetching, preventing fetches that could block indefinitely and stall reconciliations (helm-controller)\u003c/li\u003e\n\u003cli\u003eFix unbounded memory growth caused by a Kubernetes client transport retry wrapper accumulating on every reconcile (helm-controller)\u003c/li\u003e\n\u003cli\u003eStop force-applying non-CRD objects placed under a chart's \u003ccode\u003ecrds/\u003c/code\u003e directory (helm-controller)\u003c/li\u003e\n\u003cli\u003eFix the Helm test action failing to find releases with names longer than 53 characters (helm-controller)\u003c/li\u003e\n\u003cli\u003eImprove path handling in the source 
reconcilers (source-controller)\u003c/li\u003e\n\u003cli\u003eSupport Helm semver build-metadata encoding in OCIRepository tags (source-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate go-git to v5.19.1 which fixes \u003ca href=\"https://github.com/advisories/GHSA-crhj-59gh-8x96\"\u003eCVE-2026-45571\u003c/a\u003e and \u003ca href=\"https://github.com/advisories/GHSA-m7cr-m3pv-hgrp\"\u003eCVE-2026-45570\u003c/a\u003e (source-controller, image-automation-controller)\u003c/li\u003e\n\u003cli\u003eMove Helm back to upstream v4.2.0 (source-controller, helm-controller)\u003c/li\u003e\n\u003cli\u003eAdd support for GCP sovereign cloud artifact registries (source-controller, image-reflector-controller)\u003c/li\u003e\n\u003cli\u003eUpgrade Kubernetes to 1.36.1 (source-controller, helm-controller)\u003c/li\u003e\n\u003cli\u003eUpdate fluxcd/pkg dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eComponents changelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehelm-controller \u003ca href=\"https://github.com/fluxcd/helm-controller/blob/v1.5.5/CHANGELOG.md\"\u003ev1.5.5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimage-automation-controller \u003ca href=\"https://github.com/fluxcd/image-automation-controller/blob/v1.1.4/CHANGELOG.md\"\u003ev1.1.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimage-reflector-controller \u003ca href=\"https://github.com/fluxcd/image-reflector-controller/blob/v1.1.2/CHANGELOG.md\"\u003ev1.1.2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esource-controller \u003ca href=\"https://github.com/fluxcd/source-controller/blob/v1.8.5/CHANGELOG.md\"\u003ev1.8.5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate toolkit components by \u003ca href=\"https://github.com/fluxcdbot\"\u003e\u003ccode\u003e@​fluxcdbot\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/fluxcd/flux2/pull/5904\"\u003efluxcd/flux2#5904\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8\"\u003ehttps://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.7\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eFlux v2.8.7 is a patch release that includes a bug fix in kustomize-controller, a CVE fix in source-controller and image-automation-controller via go-git v5.19.0, and dependency updates. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eℹ️ Please follow the \u003ca href=\"https://github.com/fluxcd/flux2/discussions/5572\"\u003eUpgrade Procedure for Flux v2.7+\u003c/a\u003e for a smooth upgrade from Flux v2.6 to the latest version.\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix management of objects annotated with \u003ccode\u003ekustomize.toolkit.fluxcd.io/ssa: IfNotPresent\u003c/code\u003e where non-namespaced resources were being deleted and recreated on each reconciliation (kustomize-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate go-git to v5.19.0 which fixes \u003ca href=\"https://github.com/advisories/GHSA-389r-gv7p-r3rp\"\u003eCVE-2026-45022\u003c/a\u003e (source-controller, image-automation-controller)\u003c/li\u003e\n\u003cli\u003eUpdate fluxcd/pkg dependencies (source-controller, kustomize-controller, image-automation-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eComponents changelog\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/1fd61a06264d71cf445ed55c4f14d401d26a1c64\"\u003e\u003ccode\u003e1fd61a0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5904\"\u003e#5904\u003c/a\u003e from fluxcd/update-components-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/477f048ec0c3c47ce402c5be45cb67b9b2b84386\"\u003e\u003ccode\u003e477f048\u003c/code\u003e\u003c/a\u003e Update toolkit components\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/0acfaa26c6219cb08e3add4432b981436b2a4f49\"\u003e\u003ccode\u003e0acfaa2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5899\"\u003e#5899\u003c/a\u003e from fluxcd/update-pkg-deps/release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/264957f40bef9d139323341e7466548ebba17c27\"\u003e\u003ccode\u003e264957f\u003c/code\u003e\u003c/a\u003e Update fluxcd/pkg dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/54e4ba378e155ada619caafdc599e5c4d759ce5c\"\u003e\u003ccode\u003e54e4ba3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5891\"\u003e#5891\u003c/a\u003e from fluxcd/update-components-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/d2fbb16656555a93adfb5aa0ec7ca145919acacb\"\u003e\u003ccode\u003ed2fbb16\u003c/code\u003e\u003c/a\u003e Update toolkit components\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/66533d7c9027618340b96e7a925cbef4f43f4dfc\"\u003e\u003ccode\u003e66533d7\u003c/code\u003e\u003c/a\u003e Merge pull 
request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5882\"\u003e#5882\u003c/a\u003e from fluxcd/backport-5881-to-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/7ac36233f338adf90eb7546533f87c23a32d50fc\"\u003e\u003ccode\u003e7ac3623\u003c/code\u003e\u003c/a\u003e include source-watcher in install manifests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fluxcd/flux2/compare/04acaec6161ac4fb1a82ffafa88901c03271d34f...1fd61a06264d71cf445ed55c4f14d401d26a1c64\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/semver-utils` from 4.3.2 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/semver-utils/releases\"\u003estep-security/semver-utils's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/220\"\u003estep-security/semver-utils#220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/221\"\u003estep-security/semver-utils#221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade packages to fix vulnerabilities by \u003ca href=\"https://github.com/Raj-StepSecurity\"\u003e\u003ccode\u003e@​Raj-StepSecurity\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/semver-utils/pull/222\"\u003estep-security/semver-utils#222\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/223\"\u003estep-security/semver-utils#223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/224\"\u003estep-security/semver-utils#224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Remove guarddog.yml by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/225\"\u003estep-security/semver-utils#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/227\"\u003estep-security/semver-utils#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add claude review workflow by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/228\"\u003estep-security/semver-utils#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: added banner and update subscription check to make maintained actions free for public repos by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/semver-utils/pull/226\"\u003estep-security/semver-utils#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/175\"\u003estep-security/semver-utils#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/202\"\u003estep-security/semver-utils#202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.3 to 4.35.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/218\"\u003estep-security/semver-utils#218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/dependency-review-action from 4.1.3 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/209\"\u003estep-security/semver-utils#209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Update auto cherry-pick workflow by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/230\"\u003estep-security/semver-utils#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Cherry-picked changes from upstream by \u003ca 
href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/229\"\u003estep-security/semver-utils#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/225\"\u003estep-security/semver-utils#225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/semver-utils/compare/v4...v5.0.0\"\u003ehttps://github.com/step-security/semver-utils/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/5bb182a08240146b23b61cc002cb74004377da4b\"\u003e\u003ccode\u003e5bb182a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/229\"\u003e#229\u003c/a\u003e from step-security/auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/57d3f51f108d62d579217a48d6ea0098e9a183ee\"\u003e\u003ccode\u003e57d3f51\u003c/code\u003e\u003c/a\u003e chore: Bump version in package.json and lock file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/6ac856db625c45a3598e902d3d41ff82e6c6225b\"\u003e\u003ccode\u003e6ac856d\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/semver-utils/commit/b36e30950176cfdc82294700f613aa2bcffe72f0\"\u003e\u003ccode\u003eb36e309\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/230\"\u003e#230\u003c/a\u003e from step-security/fix-auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/385280376f65b1dfeedc496f98d305d0b42ab1a0\"\u003e\u003ccode\u003e3852803\u003c/code\u003e\u003c/a\u003e fix: Update auto cherry-pick workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/dbfcfd87d115b9a32284e1b53930aae83c1820e5\"\u003e\u003ccode\u003edbfcfd8\u003c/code\u003e\u003c/a\u003e chore: Cherry-pick changes from upstream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/ecb04aec3bade353524b29c14ba3579d7c45779c\"\u003e\u003ccode\u003eecb04ae\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/ba69ca4900a31d80c7f4d9556f25e85777cbcaa7\"\u003e\u003ccode\u003eba69ca4\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/6f8e4f9839152d933a82fe6bdf6802d389b120d7\"\u003e\u003ccode\u003e6f8e4f9\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/semver-utils/commit/9e44e9ebb00a2d5a1d8ef8886eb5c2a809949843\"\u003e\u003ccode\u003e9e44e9e\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/semver-utils/compare/4ae9c1fd6d1c5f8f152fe7e2efe8069a952c2ace...5bb182a08240146b23b61cc002cb74004377da4b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/close-milestone` from 2.2.1 to 2.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/close-milestone/releases\"\u003estep-security/close-milestone's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/109\"\u003estep-security/close-milestone#109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/125\"\u003estep-security/close-milestone#125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/126\"\u003estep-security/close-milestone#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/127\"\u003estep-security/close-milestone#127\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/128\"\u003estep-security/close-milestone#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/129\"\u003estep-security/close-milestone#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/130\"\u003estep-security/close-milestone#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/131\"\u003estep-security/close-milestone#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/132\"\u003estep-security/close-milestone#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/133\"\u003estep-security/close-milestone#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/134\"\u003estep-security/close-milestone#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade packages to fix vulnerabilities by \u003ca href=\"https://github.com/Raj-StepSecurity\"\u003e\u003ccode\u003e@​Raj-StepSecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/135\"\u003estep-security/close-milestone#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/136\"\u003estep-security/close-milestone#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/137\"\u003estep-security/close-milestone#137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/138\"\u003estep-security/close-milestone#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Remove guarddog.yml by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/139\"\u003estep-security/close-milestone#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/141\"\u003estep-security/close-milestone#141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/142\"\u003estep-security/close-milestone#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: create claude_review.yml by \u003ca href=\"https://github.com/amanstep\"\u003e\u003ccode\u003e@​amanstep\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/143\"\u003estep-security/close-milestone#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: added banner and update subscription check to make maintained actions free for public repos by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/140\"\u003estep-security/close-milestone#140\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/139\"\u003estep-security/close-milestone#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amanstep\"\u003e\u003ccode\u003e@​amanstep\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/143\"\u003estep-security/close-milestone#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/close-milestone/compare/v2...v2.2.2\"\u003ehttps://github.com/step-security/close-milestone/compare/v2...v2.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/d6e3b63e31f1f869bd3d0403f8cdc1a68f59ab4a\"\u003e\u003ccode\u003ed6e3b63\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/140\"\u003e#140\u003c/a\u003e from step-security/feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/863f964626093731ac2c636fa7dc5ff3d2644274\"\u003e\u003ccode\u003e863f964\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/e1b596a61a6ecc976f5da769dd6d7fa404a0d678\"\u003e\u003ccode\u003ee1b596a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/143\"\u003e#143\u003c/a\u003e from 
step-security/amanstep-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/46baafa0c6c0df51b9d34812be4ae404ccbd2e46\"\u003e\u003ccode\u003e46baafa\u003c/code\u003e\u003c/a\u003e format: fixed formatting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/6bc6bcafec2bf2bebc8ab86081cdd0b8f2630caf\"\u003e\u003ccode\u003e6bc6bca\u003c/code\u003e\u003c/a\u003e ci: create claude_review.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/e988771562706195b18b9441460b11d785b5904d\"\u003e\u003ccode\u003ee988771\u003c/code\u003e\u003c/a\u003e chore: dist updated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/07bcad02d188d4bdc830f6403f27aa3a63d9230e\"\u003e\u003ccode\u003e07bcad0\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/bde7f30187b35ad62a306764515a07135f09a465\"\u003e\u003ccode\u003ebde7f30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/142\"\u003e#142\u003c/a\u003e from step-security/npm-audit-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/c147b794f062d8a0fa8066b154701c8dda26b2ca\"\u003e\u003ccode\u003ec147b79\u003c/code\u003e\u003c/a\u003e fix: apply audit fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/5e1530b9f64d08ab27a6804b967af5a24b50792d\"\u003e\u003ccode\u003e5e1530b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/141\"\u003e#141\u003c/a\u003e from step-security/npm-audit-fix\u003c/li\u003e\n\u003cli\u003eAdditional commits 
viewable in \u003ca href=\"https://github.com/step-security/close-milestone/compare/b097272a7aaa0f5c40dc6bc671d45d35c5e85b51...d6e3b63e31f1f869bd3d0403f8cdc1a68f59ab4a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigstore/cosign-installer` from 4.1.1 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign-installer/releases\"\u003esigstore/cosign-installer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.6 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/232\"\u003esigstore/cosign-installer#232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003e\u003ccode\u003e6f9f177\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.6 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/b5e753ae2d39589c7b38850b463739151fc67f07\"\u003e\u003ccode\u003eb5e753a\u003c/code\u003e\u003c/a\u003e Bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/230\"\u003e#230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/115e4ce455e573aa6e9ba51e8d040ddd5c1378af\"\u003e\u003ccode\u003e115e4ce\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.3.0 to 6.4.0 (\u003ca 
href=\"https://redirect.github.com/sigstore/cosign-installer/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 4.1.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca 
href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 
3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-qemu-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-qemu-action/releases\"\u003edocker/setup-qemu-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ereset\u003c/code\u003e input to uninstall current emulators by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/21\"\u003edocker/setup-qemu-action#21\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.91.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/250\"\u003edocker/setup-qemu-action#250\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/247\"\u003edocker/setup-qemu-action#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.15 in \u003ca 
href=\"https://redirect.github.com/docker/setup-qemu-action/pull/265\"\u003edocker/setup-qemu-action#265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/286\"\u003edocker/setup-qemu-action#286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/255\"\u003edocker/setup-qemu-action#255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/257\"\u003edocker/setup-qemu-action#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.15 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/254\"\u003edocker/setup-qemu-action#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/262\"\u003edocker/setup-qemu-action#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/273\"\u003edocker/setup-qemu-action#273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/285\"\u003edocker/setup-qemu-action#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/287\"\u003edocker/setup-qemu-action#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tmp from 0.2.5 to 0.2.6 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/291\"\u003edocker/setup-qemu-action#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.26.0 in \u003ca 
href=\"https://redirect.github.com/docker/setup-qemu-action/pull/251\"\u003edocker/setup-qemu-action#251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/271\"\u003edocker/setup-qemu-action#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/06116385d9baf250c9f4dcb4858b16962ea869c3\"\u003e\u003ccode\u003e0611638\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/21\"\u003e#21\u003c/a\u003e from crazy-max/uninst\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/ce59c818a5ff16552ddf7407ee7cb00bea682925\"\u003e\u003ccode\u003ece59c81\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/2ddad4401e17fa807e8a3c4bd289ccdd993f0868\"\u003e\u003ccode\u003e2ddad44\u003c/code\u003e\u003c/a\u003e uninstall current emulators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/8c37cd6f3456e1f3f3026250eac496709e9e7e10\"\u003e\u003ccode\u003e8c37cd6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/250\"\u003e#250\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/setup-qemu-action/commit/d1a0ff34af591b8e290e46f3fa114ef5bb81cd1c\"\u003e\u003ccode\u003ed1a0ff3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/0a8f3dc12541cc2c3b19c182a1a2c90a2c8b8d93\"\u003e\u003ccode\u003e0a8f3dc\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.91.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/9430f61a7691bd1bfdc4d6ba70e558659d36fa7a\"\u003e\u003ccode\u003e9430f61\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/291\"\u003e#291\u003c/a\u003e from docker/dependabot/npm_and_yarn/tmp-0.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/978bd7796cb6698377e7af6726b726e5ced642d0\"\u003e\u003ccode\u003e978bd77\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/3479febc62cc0fbcb98c7c7fc0dac778c0d79d6a\"\u003e\u003ccode\u003e3479feb\u003c/code\u003e\u003c/a\u003e build(deps): bump tmp from 0.2.5 to 0.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/b113c264143c28c2974bed61af25be32d32f4782\"\u003e\u003ccode\u003eb113c26\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/255\"\u003e#255\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/ce360397dd3f832beb865e1373c09c0e9f86d70a...06116385d9baf250c9f4dcb4858b16962ea869c3\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/489\"\u003edocker/setup-buildx-action#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/547\"\u003edocker/setup-buildx-action#547\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/508\"\u003edocker/setup-buildx-action#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/540\"\u003edocker/setup-buildx-action#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/496\"\u003edocker/setup-buildx-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/499\"\u003edocker/setup-buildx-action#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 13.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/495\"\u003edocker/setup-buildx-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca 
href=\"https://redirect.github.com/docker/setup-buildx-action/pull/504\"\u003edocker/setup-buildx-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/523\"\u003edocker/setup-buildx-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/503\"\u003edocker/setup-buildx-action#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/537\"\u003edocker/setup-buildx-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/545\"\u003edocker/setup-buildx-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/492\"\u003edocker/setup-buildx-action#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/520\"\u003edocker/setup-buildx-action#520\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003e\u003ccode\u003ed7f5e7f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/docker/setup-buildx-action/issues/489\"\u003e#489\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/92bc5c9777806d0a73d9d668ba2114fa1177f164\"\u003e\u003ccode\u003e92bc5c9\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/da11e35abee0f20cb4f1c1b7c461d37c29be52f5\"\u003e\u003ccode\u003eda11e35\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/f021e162ef95b6fba51af1c6674f537f25bce851\"\u003e\u003ccode\u003ef021e16\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/492\"\u003e#492\u003c/a\u003e from docker/dependabot/npm_and_yarn/undici-6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b5af94fab700aee0c64d6077e0e34ae987815b67\"\u003e\u003ccode\u003eb5af94f\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/16ad9776a801d0c47f0a05f007b88a3789aa8ab6\"\u003e\u003ccode\u003e16ad977\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 6.23.0 to 6.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7a12d7df895b33bd02a9b4bf62a12f2b9a24458\"\u003e\u003ccode\u003ed7a12d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/495\"\u003e#495\u003c/a\u003e from docker/dependabot/npm_and_yarn/glob-10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/setup-buildx-action/commit/28ff27de4eed7518d361591f2cd1dfb69c34a7cb\"\u003e\u003ccode\u003e28ff27d\u003c/code\u003e\u003c/a\u003e build(deps): bump glob from 10.3.12 to 13.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/daf436b50e13d9053b9730cbc16516891878b019\"\u003e\u003ccode\u003edaf436b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/496\"\u003e#496\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/9725348367859764880f2f2e688a6b0c353e3f35\"\u003e\u003ccode\u003e9725348\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 7.1.0 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca 
href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003e\u003ccode\u003ef9f3042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1517\"\u003e#1517\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-t...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/build-push-action/commit/812d5fd9212a4c5d419e5be02fd8e9bb435c5d76\"\u003e\u003ccode\u003e812d5fd\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/b6f66930769f2917a3275dc4d81f15583ac7e105\"\u003e\u003ccode\u003eb6f6693\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/c1c626eced73a500ec65c4256c620b3b9e8278c0\"\u003e\u003ccode\u003ec1c626e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1525\"\u003e#1525\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/51bb284cd4d05650aa6f5e4e22cb96d2cbfe62b7\"\u003e\u003ccode\u003e51bb284\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/5f7884def8f133e8ef40c53d003d1471c05621c6\"\u003e\u003ccode\u003e5f7884d\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/e01deff7d956c756a20f3e19ff7ddc0e4a50fc1d\"\u003e\u003ccode\u003ee01deff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1521\"\u003e#1521\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/3804d497934b39bd591ee9d1c6c9e593b4488a67\"\u003e\u003ccode\u003e3804d49\u003c/code\u003e\u003c/a\u003e chore: update generated 
content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/71e8947aac5dad23ce83a43e9c98f750e02de2f3\"\u003e\u003ccode\u003e71e8947\u003c/code\u003e\u003c/a\u003e chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/4925ad24cdbc42ff492d76cf9fe7a30b79976b60\"\u003e\u003ccode\u003e4925ad2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1526\"\u003e#1526\u003c/a\u003e from docker/dependabot/npm_and_yarn/postcss-8.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/build-push-action/compare/bcafcacb16a39f128d818304e6c9c0c18556b85f...f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `securego/gosec` from 2.25.0 to 2.26.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/securego/gosec/releases\"\u003esecurego/gosec's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.26.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4a3bd8af174872c778439083ded7adbf3747e770 Update cosign to v3.0.6 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/4a3bd8af174872c778439083ded7adbf3747e770\"\u003e\u003ccode\u003e4a3bd8a\u003c/code\u003e\u003c/a\u003e Update cosign to v3.0.6 (\u003ca 
href=\"https://redirect.github.com/securego/gosec/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/553d8a50502028375f270b69e959dc11c7952608\"\u003e\u003ccode\u003e553d8a5\u003c/code\u003e\u003c/a\u003e Sync taint rule docs and add missing CWE mappings for G113/G307 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1658\"\u003e#1658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/bf0ccd3df8261d964761107a6a95e6ea1c3827d4\"\u003e\u003ccode\u003ebf0ccd3\u003c/code\u003e\u003c/a\u003e Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/4ead098510926e1015958a36dc966bfcb7f6ee11\"\u003e\u003ccode\u003e4ead098\u003c/code\u003e\u003c/a\u003e Add G710 rule for open redirect via taint analysis (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1654\"\u003e#1654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/8ff985fe09b4ab91eeee620dbe4b1040d3455ce9\"\u003e\u003ccode\u003e8ff985f\u003c/code\u003e\u003c/a\u003e Fix formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/a1aad0cd00df35c86209a9e6061111dacbd9907d\"\u003e\u003ccode\u003ea1aad0c\u003c/code\u003e\u003c/a\u003e Update the default models used by autofix and phase out the older models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/74bdf7f88000ef7e94c313aa2e7ee940d8441cd3\"\u003e\u003ccode\u003e74bdf7f\u003c/code\u003e\u003c/a\u003e Format and clean-up the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/74dc9893d6580d70cffff6af97c326a839e39ac0\"\u003e\u003ccode\u003e74dc989\u003c/code\u003e\u003c/a\u003e Add HTTP file-serving function 
to the skins of pathtraversal analyzer (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1647\"\u003e#1647\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/70201119fe26d60395006dbb0f5baa9837c5e37d\"\u003e\u003ccode\u003e7020111\u003c/code\u003e\u003c/a\u003e Skip flagging the TLS min version for go 1.18+ (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1646\"\u003e#1646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/d5869fccbc7e2b7b091d78c3fd359f9977aa0341\"\u003e\u003ccode\u003ed5869fc\u003c/code\u003e\u003c/a\u003e chore(deps): bump go.opentelemetry.io/otel from 1.39.0 to 1.41.0 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1645\"\u003e#1645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/securego/gosec/compare/223e19b8856e00f02cc67804499a83f77e208f3c...4a3bd8af174872c778439083ded7adbf3747e770\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore 
conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/oyakh1/hiero-mirror-node--006/pull/27","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/oyakh1%2Fhiero-mirror-node--006/issues/27","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27/packages"},{"uuid":"4558532808","node_id":"PR_kwDOStM2n87hIk5A","number":4,"state":"open","title":"github-actions(deps): bump step-security/harden-runner from 2.4.0 to 2.19.4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T18:20:46.000Z","updated_at":"2026-05-31T18:22:00.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"github-actions(deps)","packages":[{"name":"step-security/harden-runner","old_version":"2.4.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.4.0 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's 
Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not 
do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/128a63446a954579617e875aaab7d2978154e969...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner\u0026package-manager=github_actions\u0026previous-version=2.4.0\u0026new-version=2.19.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/SolidWorx/SolidShift/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SolidWorx%2FSolidShift/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4552609009","node_id":"PR_kwDOSe3Vr87g2yS6","number":3,"state":"open","title":"chore(deps): bump the github-actions group across 1 directory with 15 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T01:01:56.000Z","updated_at":"2026-05-30T01:01:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): 
bump","group_name":"github-actions","update_count":15,"packages":[{"name":"actions/checkout","old_version":"3.1.0","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"step-security/harden-runner","old_version":"2.19.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"golangci/golangci-lint-action","old_version":"9.2.0","new_version":"9.2.1","repository_url":"https://github.com/golangci/golangci-lint-action"},{"name":"codecov/codecov-action","old_version":"6.0.0","new_version":"6.0.1","repository_url":"https://github.com/codecov/codecov-action"},{"name":"github/codeql-action","old_version":"2.1.36","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/dependency-review-action","old_version":"4.9.0","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"goreleaser/goreleaser-action","old_version":"7.2.1","new_version":"7.2.2","repository_url":"https://github.com/goreleaser/goreleaser-action"},{"name":"actions/labeler","old_version":"6.0.1","new_version":"6.1.0","repository_url":"https://github.com/actions/labeler"},{"name":"google/osv-scanner-action","old_version":"2.3.5","new_version":"2.3.8","repository_url":"https://github.com/google/osv-scanner-action"},{"name":"release-drafter/release-drafter","old_version":"7.2.1","new_version":"7.3.1","repository_url":"https://github.com/release-drafter/release-drafter"},{"name":"sigstore/cosign-installer","old_version":"4.1.1","new_version":"4.1.2","repository_url":"https://github.com/sigstore/cosign-installer"},{"name":"docker/setup-qemu-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-qemu-action"},{"name":"docker/setup-buildx-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/login-action","old_version":"4.1.0","ne
w_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"crate-ci/typos","old_version":"1.45.2","new_version":"1.47.0","repository_url":"https://github.com/crate-ci/typos"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `3.1.0` | `6.0.2` |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.0` | `2.19.4` |\n| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `9.2.0` | `9.2.1` |\n| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6.0.0` | `6.0.1` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `2.1.36` | `4.36.0` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` |\n| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `7.2.1` | `7.2.2` |\n| [actions/labeler](https://github.com/actions/labeler) | `6.0.1` | `6.1.0` |\n| [google/osv-scanner-action](https://github.com/google/osv-scanner-action) | `2.3.5` | `2.3.8` |\n| [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `7.2.1` | `7.3.1` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` |\n| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.1.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |\n| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |\n| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.45.2` | `1.47.0` |\n\n\nUpdates `actions/checkout` from 3.1.0 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca 
href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in 
\u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca 
href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca 
href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca 
href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v3.1.0...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/harden-runner` from 2.19.0 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca 
href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golangci/golangci-lint-action` from 9.2.0 to 9.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golangci/golangci-lint-action/releases\"\u003egolangci/golangci-lint-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eIMPORTANT: this is the first immutable release.\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: improve workflows by \u003ca href=\"https://github.com/ldez\"\u003e\u003ccode\u003e@​ldez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1394\"\u003egolangci/golangci-lint-action#1394\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1325\"\u003egolangci/golangci-lint-action#1325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1326\"\u003egolangci/golangci-lint-action#1326\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the dependencies group with 4 updates by 
\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1327\"\u003egolangci/golangci-lint-action#1327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1328\"\u003egolangci/golangci-lint-action#1328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.0.2 to 25.0.3 in the dependencies group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1329\"\u003egolangci/golangci-lint-action#1329\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1330\"\u003egolangci/golangci-lint-action#1330\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1332\"\u003egolangci/golangci-lint-action#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1333\"\u003egolangci/golangci-lint-action#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the dependencies group with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1334\"\u003egolangci/golangci-lint-action#1334\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1335\"\u003egolangci/golangci-lint-action#1335\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1336\"\u003egolangci/golangci-lint-action#1336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1337\"\u003egolangci/golangci-lint-action#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.0.9 to 25.0.10 in the dependencies group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1338\"\u003egolangci/golangci-lint-action#1338\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump 
fast-xml-parser from 5.3.3 to 5.3.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1339\"\u003egolangci/golangci-lint-action#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1340\"\u003egolangci/golangci-lint-action#1340\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1344\"\u003egolangci/golangci-lint-action#1344\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fast-xml-parser from 5.3.4 to 5.3.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1346\"\u003egolangci/golangci-lint-action#1346\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump minimatch by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1348\"\u003egolangci/golangci-lint-action#1348\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump minimatch from 3.1.3 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1350\"\u003egolangci/golangci-lint-action#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fast-xml-parser from 5.3.6 to 5.4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1351\"\u003egolangci/golangci-lint-action#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fast-xml-parser from 5.4.1 to 5.5.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1357\"\u003egolangci/golangci-lint-action#1357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fast-xml-parser from 5.5.6 to 5.5.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1358\"\u003egolangci/golangci-lint-action#1358\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump flatted from 3.3.3 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1359\"\u003egolangci/golangci-lint-action#1359\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1364\"\u003egolangci/golangci-lint-action#1364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump yaml from 2.8.2 to 2.8.3 by \u003ca 
href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1365\"\u003egolangci/golangci-lint-action#1365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump brace-expansion by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1370\"\u003egolangci/golangci-lint-action#1370\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group across 1 directory with 7 updates by \u003ca href=\"https://github.com/ldez\"\u003e\u003ccode\u003e@​ldez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1374\"\u003egolangci/golangci-lint-action#1374\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 4 to 4.35.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1384\"\u003egolangci/golangci-lint-action#1384\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1386\"\u003egolangci/golangci-lint-action#1386\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 4.35.2 to 4.35.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1389\"\u003egolangci/golangci-lint-action#1389\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 4.35.3 to 4.35.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1391\"\u003egolangci/golangci-lint-action#1391\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golangci/golangci-lint-action/compare/v9.2.0...v9.2.1\"\u003ehttps://github.com/golangci/golangci-lint-action/compare/v9.2.0...v9.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/82606bf257cbaff209d206a39f5134f0cfbfd2ee\"\u003e\u003ccode\u003e82606bf\u003c/code\u003e\u003c/a\u003e chore: prepare release v9.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/97c8387e660fa3be78f698fb592523e1f906a02c\"\u003e\u003ccode\u003e97c8387\u003c/code\u003e\u003c/a\u003e chore: improve workflows (\u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/issues/1394\"\u003e#1394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/28d0a191bb76f633872d1f12600dd9900ac73840\"\u003e\u003ccode\u003e28d0a19\u003c/code\u003e\u003c/a\u003e build(deps): bump the dependencies group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/633fbc7d54a1fe7d54f72fb83194a7d442beb929\"\u003e\u003ccode\u003e633fbc7\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 
4.35.3 to 4.35.4 (\u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/issues/1391\"\u003e#1391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/59f43e26c902dadac745307f8cf2537da50ad344\"\u003e\u003ccode\u003e59f43e2\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (\u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/issues/1389\"\u003e#1389\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/9eb174e04acac69b4b7f6602f9a5cc384ba59b45\"\u003e\u003ccode\u003e9eb174e\u003c/code\u003e\u003c/a\u003e build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (\u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/issues/1386\"\u003e#1386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/4f52504dfb47d09a983372e869f643e9e0d4014b\"\u003e\u003ccode\u003e4f52504\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 4 to 4.35.2 (\u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/issues/1384\"\u003e#1384\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/6f87dfdbd16618b59a5d86104adea6216152a47c\"\u003e\u003ccode\u003e6f87dfd\u003c/code\u003e\u003c/a\u003e docs: update examples\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/c9500d7aa7797b3e999034a3e6a0b9a4f18e8708\"\u003e\u003ccode\u003ec9500d7\u003c/code\u003e\u003c/a\u003e chore: improve workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/03b1faa37ed78712fa70fc44b56fa553f0d7a6bc\"\u003e\u003ccode\u003e03b1faa\u003c/code\u003e\u003c/a\u003e chore: improve issue templates\u003c/li\u003e\n\u003cli\u003eAdditional commits 
viewable in \u003ca href=\"https://github.com/golangci/golangci-lint-action/compare/1e7e51e771db61008b38414a730f564565cf7c20...82606bf257cbaff209d206a39f5134f0cfbfd2ee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 6.0.0 to 6.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent template injection in run: steps (VULN-1652) by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1947\"\u003ecodecov/codecov-action#1947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 6.0.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1949\"\u003ecodecov/codecov-action#1949\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md\"\u003ecodecov/codecov-action's 
changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: overwrite pr number on fork by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1871\"\u003ecodecov/codecov-action#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1868\"\u003ecodecov/codecov-action#1868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1867\"\u003ecodecov/codecov-action#1867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update to use local app/ dir by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1872\"\u003ecodecov/codecov-action#1872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in README by \u003ca href=\"https://github.com/datalater\"\u003e\u003ccode\u003e@​datalater\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/codecov/codecov-action/pull/1866\"\u003ecodecov/codecov-action#1866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument a \u003ccode\u003ecodecov-cli\u003c/code\u003e version reference example by \u003ca href=\"https://github.com/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1774\"\u003ecodecov/codecov-action#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1861\"\u003ecodecov/codecov-action#1861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1833\"\u003ecodecov/codecov-action#1833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: upgrade wrapper to 0.2.4 by \u003ca href=\"https://github.com/jviall\"\u003e\u003ccode\u003e@​jviall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1864\"\u003ecodecov/codecov-action#1864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/github-script by Git SHA by \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/codecov/codecov-action/pull/1859\"\u003ecodecov/codecov-action#1859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: check reqs exist by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1835\"\u003ecodecov/codecov-action#1835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Typo in README by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1838\"\u003ecodecov/codecov-action#1838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Refine OIDC docs by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1837\"\u003ecodecov/codecov-action#1837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1829\"\u003ecodecov/codecov-action#1829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.3\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1822\"\u003ecodecov/codecov-action#1822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: OIDC on forks by \u003ca 
href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1823\"\u003ecodecov/codecov-action#1823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/e79a6962e0d4c0c17b229090214935d2e33f8354\"\u003e\u003ccode\u003ee79a696\u003c/code\u003e\u003c/a\u003e chore(release): 6.0.1 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1949\"\u003e#1949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/51e64229ac331acb0d7f7b17c67423995f991c79\"\u003e\u003ccode\u003e51e6422\u003c/code\u003e\u003c/a\u003e fix: prevent template injection in run: steps (VULN-1652) (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1947\"\u003e#1947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/codecov/codecov-action/compare/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2...e79a6962e0d4c0c17b229090214935d2e33f8354\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 2.1.36 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. 
Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from 
github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional 
commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v2.1.36...v4.36.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4.9.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/actions/dependency-review-action/issues/1077\"\u003e#1077\u003c/a\u003e from Marukome0743/docs/checkout\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/dependency-review-action/compare/2031cfc080254a8a887f58cffee85186f0e49e48...a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `goreleaser/goreleaser-action` from 7.2.1 to 7.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/goreleaser/goreleaser-action/releases\"\u003egoreleaser/goreleaser-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci(deps): bump the actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/560\"\u003egoreleaser/goreleaser-action#560\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: nightly resolution to select newest published release by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/562\"\u003egoreleaser/goreleaser-action#562\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/562\"\u003egoreleaser/goreleaser-action#562\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/v7...v7.2.2\"\u003ehttps://github.com/goreleaser/goreleaser-action/compare/v7...v7.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89\"\u003e\u003ccode\u003e5daf1e9\u003c/code\u003e\u003c/a\u003e fix: nightly resolution to select newest published release (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/562\"\u003e#562\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/5cc7ebb73d78b8f1d7b03c568e7df999c2889ccf\"\u003e\u003ccode\u003e5cc7ebb\u003c/code\u003e\u003c/a\u003e ci: update actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/702f5f91c9334614254ddeabeebaf820d707f0d6\"\u003e\u003ccode\u003e702f5f9\u003c/code\u003e\u003c/a\u003e ci(deps): bump the actions group with 3 updates (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/560\"\u003e#560\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/1a80836c5c9d9e5755a25cb59ec6f45a3b5f41a8...5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/labeler` from 6.0.1 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/actions/labeler/releases\"\u003eactions/labeler's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.0\u003c/h2\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd changed-files-labels-limit and max-files-changed configuration options to cap the number of labels added by \u003ca href=\"https://github.com/bluca\"\u003e\u003ccode\u003e@​bluca\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/923\"\u003eactions/labeler#923\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove Labeler Action documentation and permission error handling by \u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/897\"\u003eactions/labeler#897\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePreserve manually added labels during workflow runs and refine label synchronization logic by \u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/917\"\u003eactions/labeler#917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade brace-expansion from 1.1.11 to 1.1.12 and document breaking changes in v6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/877\"\u003eactions/labeler#877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 10.0.1 to 10.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/labeler/pull/926\"\u003eactions/labeler#926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade dependencies (\u003ccode\u003e@​actions/core\u003c/code\u003e, \u003ccode\u003e@​actions/github\u003c/code\u003e, js-yaml, minimatch, \u003ca href=\"https://github.com/typescript-eslint\"\u003e\u003ccode\u003e@​typescript-eslint\u003c/code\u003e\u003c/a\u003e) by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/934\"\u003eactions/labeler#934\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/897\"\u003eactions/labeler#897\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bluca\"\u003e\u003ccode\u003e@​bluca\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/923\"\u003eactions/labeler#923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/934\"\u003eactions/labeler#934\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/labeler/compare/v6...v6.1.0\"\u003ehttps://github.com/actions/labeler/compare/v6...v6.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/actions/labeler/commit/f27b608878404679385c85cfa523b85ccb86e213\"\u003e\u003ccode\u003ef27b608\u003c/code\u003e\u003c/a\u003e chore: upgrade dependencies (\u003ccode\u003e@​actions/core\u003c/code\u003e, \u003ccode\u003e@​actions/github\u003c/code\u003e, js-yaml, minimat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/labeler/commit/c5dadc2a45784a4b6adfcd20fea3465da3a5f904\"\u003e\u003ccode\u003ec5dadc2\u003c/code\u003e\u003c/a\u003e Add 'changed-files-labels-limit' and 'max-files-changed' configs to allow cap...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/labeler/commit/e52e4fb63ed5cd0e07abaad9826b2a893ccb921f\"\u003e\u003ccode\u003ee52e4fb\u003c/code\u003e\u003c/a\u003e Bump minimatch from 10.0.1 to 10.2.3 (\u003ca href=\"https://redirect.github.com/actions/labeler/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/labeler/commit/77a4082b841706ac431479b7e2bb11216ffef250\"\u003e\u003ccode\u003e77a4082\u003c/code\u003e\u003c/a\u003e Fix: Preserve manually added labels during workflow run and refine label sync...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/labeler/commit/25abb3cad4f14b7ac27968a495c37798860a5a1a\"\u003e\u003ccode\u003e25abb3c\u003c/code\u003e\u003c/a\u003e Improve Labeler Action Documentation and Error Handling for Permissions (\u003ca href=\"https://redirect.github.com/actions/labeler/issues/897\"\u003e#897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/labeler/commit/395c8cfdb1e1e691cc4bad0dd315820af8eb67fd\"\u003e\u003ccode\u003e395c8cf\u003c/code\u003e\u003c/a\u003e Bump brace-expansion from 1.1.11 to 1.1.12 and document breaking changes in v...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/actions/labeler/compare/634933edcd8ababfe52f92936142cc22ac488b1b...f27b608878404679385c85cfa523b85ccb86e213\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google/osv-scanner-action` from 2.3.5 to 2.3.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/osv-scanner-action/releases\"\u003egoogle/osv-scanner-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis updates OSV-Scanner to v2.3.8.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/google/osv-scanner-action/compare/v2.3.5...v2.3.8\"\u003ehttps://github.com/google/osv-scanner-action/compare/v2.3.5...v2.3.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/9a498708959aeaef5ef730655706c5a1df1edbc2\"\u003e\u003ccode\u003e9a49870\u003c/code\u003e\u003c/a\u003e Update unified workflow example to point to v2.3.8 reusable workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/3adb4b14a2b0623876d18d863a498b785fb3752d\"\u003e\u003ccode\u003e3adb4b1\u003c/code\u003e\u003c/a\u003e Update reusable workflows to point to v2.3.8 actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/8dc09193bb540e09b23da07ad7e30bd33bf87018\"\u003e\u003ccode\u003e8dc0919\u003c/code\u003e\u003c/a\u003e \u0026quot;Update actions to use v2.3.8 osv-scanner image\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/google/osv-scanner-action/commit/43f380b8fc43a816831a9f5ee6fc91170809c7e9\"\u003e\u003ccode\u003e43f380b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/google/osv-scanner-action/issues/125\"\u003e#125\u003c/a\u003e from google/update-to-v2.3.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/dcf4ddd504dac1027e5829c1d754e4ec009ded5d\"\u003e\u003ccode\u003edcf4ddd\u003c/code\u003e\u003c/a\u003e Update unified workflow example to point to v2.3.6 reusable workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/b9dbb7ef6f6fb8d0e762912b668d2c4c236090a3\"\u003e\u003ccode\u003eb9dbb7e\u003c/code\u003e\u003c/a\u003e Update reusable workflows to point to v2.3.6 actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/fe54858b54b6e367472aa1828429dfcf3c95aba6\"\u003e\u003ccode\u003efe54858\u003c/code\u003e\u003c/a\u003e \u0026quot;Update actions to use v2.3.6 osv-scanner image\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/eb5b619bb565d10623076caba5263750fde3c790\"\u003e\u003ccode\u003eeb5b619\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/google/osv-scanner-action/issues/100\"\u003e#100\u003c/a\u003e from thomasleplus/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/9...\n\n_Description has been 
truncated_","html_url":"https://github.com/actions-marketplace-validations/afadesigns_zshellcheck/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-marketplace-validations%2Fafadesigns_zshellcheck/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4544885489","node_id":"PR_kwDOIj9M_c7gdeYW","number":2848,"state":"open","title":"chore(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4","user":"dependabot[bot]","labels":["dependabot"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-29T01:09:04.000Z","updated_at":"2026-05-29T01:09:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"step-security/harden-runner","old_version":"2.19.3","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.3 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/ab7a9404c0f3da075243ca237b5fac12c98deaa5...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner\u0026package-manager=github_actions\u0026previous-version=2.19.3\u0026new-version=2.19.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/eclipse-tractusx/tractusx-edc/pull/2848","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/eclipse-tractusx%2Ftractusx-edc/issues/2848","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2848/packages"}],"issue_packages":[{"old_version":"2.15.1","new_version":"2.19.4","update_type":"minor","path":null,"pr_created_at":"2026-06-08T00:18:18.000Z","version_change":"2.15.1 → 2.19.4","issue":{"uuid":"4609195576","node_id":"PR_kwDOBNnUgs7jtpan","number":1736,"state":"open","title":"chore(deps): bump the all group across 1 directory with 9 
updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-08T00:18:18.000Z","updated_at":"2026-06-08T00:25:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"all","update_count":9,"packages":[{"name":"step-security/harden-runner","old_version":"2.15.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"actions/setup-node","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.36.2","repository_url":"https://github.com/github/codeql-action"},{"name":"codecov/codecov-action","old_version":"5.5.2","new_version":"7.0.0","repository_url":"https://github.com/codecov/codecov-action"},{"name":"actions/dependency-review-action","old_version":"4.9.0","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"googleapis/release-please-action","old_version":"4.4.0","new_version":"5.0.0","repository_url":"https://github.com/googleapis/release-please-action"},{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/stale","old_version":"10.2.0","new_version":"10.3.0","repository_url":"https://github.com/actions/stale"}],"path":null,"ecosystem":"actions"},"body":"Bumps the all group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.15.1` | `2.19.4` |\n| 
[actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.36.2` |\n| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `7.0.0` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` |\n| [googleapis/release-please-action](https://github.com/googleapis/release-please-action) | `4.4.0` | `5.0.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n| [actions/stale](https://github.com/actions/stale) | `10.2.0` | `10.3.0` |\n\n\nUpdates `step-security/harden-runner` from 2.15.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. 
The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/58077d3c7e43986b6b15fba718e8ea69e387dfcc...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca 
href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca 
href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca 
href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first 
contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade \u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.36.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. 
This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.2 - 04 Jun 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003e\u003ccode\u003e8aad20d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3949\"\u003e#3949\u003c/a\u003e from github/update-v4.36.2-dcb947ce1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f521b08cd8f468ab193ea950a589cb2e9c869c6a\"\u003e\u003ccode\u003ef521b08\u003c/code\u003e\u003c/a\u003e Add additional changelog notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aeff0ffb7b78582ee0d0e6eebb8140684400d08\"\u003e\u003ccode\u003e8aeff0f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dcb947ce15976d40ea82935510b2db4872ec124c\"\u003e\u003ccode\u003edcb947c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3948\"\u003e#3948\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c251bcefa178f7780f62f150002acffe3d07fde9\"\u003e\u003ccode\u003ec251bce\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/62953c18b35f59e28351d2f1e806925aef8b1e3c\"\u003e\u003ccode\u003e62953c1\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/423b570baf1976cd7a3daeba5d6e9f9b76432f37\"\u003e\u003ccode\u003e423b570\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/github/codeql-action/issues/3946\"\u003e#3946\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-5d507a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c35d1b164463ee62a100735382aaaa525c5d3496\"\u003e\u003ccode\u003ec35d1b1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3947\"\u003e#3947\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/cb1a588b02755b176e7b9d033ed4b69312f0e1bd\"\u003e\u003ccode\u003ecb1a588\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3937\"\u003e#3937\u003c/a\u003e from github/robertbrignull/waitForProcessing_backoff\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ba47406412c54532b5b4fcfbaf877c9e2382b206\"\u003e\u003ccode\u003eba47406\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3943\"\u003e#3943\u003c/a\u003e from github/henrymercer/cache-cli-version-info\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/0d579ffd059c29b07949a3cce3983f0780820c98...8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 5.5.2 to 7.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cp\u003e⚠️ Due to migration issues 
with keybase, we are unable to update our keys under the \u003ccode\u003ecodecovsecurity\u003c/code\u003e account. We have deleted the account and are using \u003ccode\u003ecodecovsecops\u003c/code\u003e with the original gpg key\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove Enforce License Compliance workflow by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1950\"\u003ecodecov/codecov-action#1950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 7.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1957\"\u003ecodecov/codecov-action#1957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.1...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cp\u003eThis is a copy of the \u003ccode\u003ev7.0.0\u003c/code\u003e release to make updates easier\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove Enforce License Compliance workflow by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1950\"\u003ecodecov/codecov-action#1950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 7.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/codecov/codecov-action/pull/1957\"\u003ecodecov/codecov-action#1957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent template injection in run: steps (VULN-1652) by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1947\"\u003ecodecov/codecov-action#1947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 6.0.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1949\"\u003ecodecov/codecov-action#1949\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. 
⚠️\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1929\"\u003ecodecov/codecov-action#1929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTh/6.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1928\"\u003ecodecov/codecov-action#1928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.4\u003c/h2\u003e\n\u003cp\u003eThis is a mirror of \u003ccode\u003ev5.5.2\u003c/code\u003e. 
\u003ccode\u003ev6\u003c/code\u003e will be released which requires \u003ccode\u003enode24\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1926\"\u003ecodecov/codecov-action#1926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 5.5.4 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1927\"\u003ecodecov/codecov-action#1927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.3...v5.5.4\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.3...v5.5.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md\"\u003ecodecov/codecov-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: overwrite pr number on fork by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1871\"\u003ecodecov/codecov-action#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1868\"\u003ecodecov/codecov-action#1868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1867\"\u003ecodecov/codecov-action#1867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update to use local app/ dir by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1872\"\u003ecodecov/codecov-action#1872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo 
in README by \u003ca href=\"https://github.com/datalater\"\u003e\u003ccode\u003e@​datalater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1866\"\u003ecodecov/codecov-action#1866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument a \u003ccode\u003ecodecov-cli\u003c/code\u003e version reference example by \u003ca href=\"https://github.com/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1774\"\u003ecodecov/codecov-action#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1861\"\u003ecodecov/codecov-action#1861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1833\"\u003ecodecov/codecov-action#1833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: upgrade wrapper to 0.2.4 by \u003ca href=\"https://github.com/jviall\"\u003e\u003ccode\u003e@​jviall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1864\"\u003ecodecov/codecov-action#1864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/github-script by Git SHA by \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e in 
\u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1859\"\u003ecodecov/codecov-action#1859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: check reqs exist by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1835\"\u003ecodecov/codecov-action#1835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Typo in README by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1838\"\u003ecodecov/codecov-action#1838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Refine OIDC docs by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1837\"\u003ecodecov/codecov-action#1837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1829\"\u003ecodecov/codecov-action#1829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.3\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1822\"\u003ecodecov/codecov-action#1822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: OIDC on forks by \u003ca 
href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1823\"\u003ecodecov/codecov-action#1823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/fb8b3582c8e4def4969c97caa2f19720cb33a72f\"\u003e\u003ccode\u003efb8b358\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1957\"\u003e#1957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/ca0a928a4cb3911011e868128a5cd90437c12db1\"\u003e\u003ccode\u003eca0a928\u003c/code\u003e\u003c/a\u003e ci: remove Enforce License Compliance workflow (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1950\"\u003e#1950\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/e79a6962e0d4c0c17b229090214935d2e33f8354\"\u003e\u003ccode\u003ee79a696\u003c/code\u003e\u003c/a\u003e chore(release): 6.0.1 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1949\"\u003e#1949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/51e64229ac331acb0d7f7b17c67423995f991c79\"\u003e\u003ccode\u003e51e6422\u003c/code\u003e\u003c/a\u003e fix: prevent template injection in run: steps 
(VULN-1652) (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1947\"\u003e#1947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2\"\u003e\u003ccode\u003e57e3a13\u003c/code\u003e\u003c/a\u003e Th/6.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1928\"\u003e#1928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/f67d33dda8a42b51c42a8318a1f66468119e898b\"\u003e\u003ccode\u003ef67d33d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot;...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/75cd11691c0faa626561e295848008c8a7dddffe\"\u003e\u003ccode\u003e75cd116\u003c/code\u003e\u003c/a\u003e chore(release): 5.5.4 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1927\"\u003e#1927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/87d39f4a2cec2673cf9505764fb20a38792ea722\"\u003e\u003ccode\u003e87d39f4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1926\"\u003e#1926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/1af58845a975a7985b0beb0cbe6fbbb71a41dbad\"\u003e\u003ccode\u003e1af5884\u003c/code\u003e\u003c/a\u003e chore(release): bump to 5.5.3 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1922\"\u003e#1922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/c143300dea6c9a730986ff862c5bf4d458927ef8\"\u003e\u003ccode\u003ec143300\u003c/code\u003e\u003c/a\u003e 
build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1874\"\u003e#1874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/codecov/codecov-action/compare/671740ac38dd9b0130fbe1cec585b89eea48d3de...fb8b3582c8e4def4969c97caa2f19720cb33a72f\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4.9.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca 
href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit 
fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1077\"\u003e#1077\u003c/a\u003e from Marukome0743/docs/checkout\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/dependency-review-action/compare/2031cfc080254a8a887f58cffee85186f0e49e48...a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `googleapis/release-please-action` from 4.4.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/release-please-action/releases\"\u003egoogleapis/release-please-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.4.1...v5.0.0\"\u003e5.0.0\u003c/a\u003e (2026-04-22)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node24 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1188\"\u003e#1188\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node24 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1188\"\u003e#1188\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/46dfc01594fc6ec99626bc73e479c52bdf554f88\"\u003e46dfc01\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebump release-please 
from 17.3.0 to 17.6.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1199\"\u003e#1199\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/f533c26b74c2778db7edc90c96b63a7d08035765\"\u003ef533c26\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.4.0...v4.4.1\"\u003e4.4.1\u003c/a\u003e (2026-02-20)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebump release-please from 17.1.3 to 17.3.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1183\"\u003e#1183\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/ef9c2745dbfb629d38ebfafa3347a81ab2d51409\"\u003eef9c274\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md\"\u003egoogleapis/release-please-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.4.1...v5.0.0\"\u003e5.0.0\u003c/a\u003e (2026-04-22)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node24 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1188\"\u003e#1188\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node24 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1188\"\u003e#1188\u003c/a\u003e) (\u003ca 
href=\"https://github.com/googleapis/release-please-action/commit/46dfc01594fc6ec99626bc73e479c52bdf554f88\"\u003e46dfc01\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebump release-please from 17.3.0 to 17.6.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1199\"\u003e#1199\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/f533c26b74c2778db7edc90c96b63a7d08035765\"\u003ef533c26\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.4.0...v4.4.1\"\u003e4.4.1\u003c/a\u003e (2026-02-20)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebump release-please from 17.1.3 to 17.3.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1183\"\u003e#1183\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/ef9c2745dbfb629d38ebfafa3347a81ab2d51409\"\u003eef9c274\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.3.0...v4.4.0\"\u003e4.4.0\u003c/a\u003e (2025-10-09)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd ability to select versioning-strategy and release-as (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1121\"\u003e#1121\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/ee0f5bae453367755be0c4340193531b3f538374\"\u003eee0f5ba\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003echangelog-host\u003c/code\u003e parameter ignored when using manifest configuration (\u003ca 
href=\"https://redirect.github.com/googleapis/release-please-action/issues/1151\"\u003e#1151\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/535c4130c1030110bdacd1b3076f98c046c3a227\"\u003e535c413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 directory (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1149\"\u003e#1149\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/3612a99d75bd7a010bb03d6e2ee3e2392b7392fb\"\u003e3612a99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebump release-please from 17.1.2 to 17.1.3 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1158\"\u003e#1158\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/66fbfe9439cb7a3660ecdc00d42573ef0bd00764\"\u003e66fbfe9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.2.0...v4.3.0\"\u003e4.3.0\u003c/a\u003e (2025-08-20)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update release-please to 17.1.2 (\u003ca href=\"https://github.com/googleapis/release-please-action/commit/f07192c046b10acd083f4665a3d8b6350526f9df\"\u003ef07192c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/compare/v4.1.5...v4.2.0\"\u003e4.2.0\u003c/a\u003e (2025-03-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/45996ed1f6d02564a971a2fa1b5860e934307cf7\"\u003e\u003ccode\u003e45996ed\u003c/code\u003e\u003c/a\u003e chore(main): release 5.0.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1200\"\u003e#1200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/a8121b99c9779b09ad890de46417b7cad74eb3a2\"\u003e\u003ccode\u003ea8121b9\u003c/code\u003e\u003c/a\u003e chore: build dist (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1201\"\u003e#1201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/f533c26b74c2778db7edc90c96b63a7d08035765\"\u003e\u003ccode\u003ef533c26\u003c/code\u003e\u003c/a\u003e fix: bump release-please from 17.3.0 to 17.6.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1199\"\u003e#1199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/46dfc01594fc6ec99626bc73e479c52bdf554f88\"\u003e\u003ccode\u003e46dfc01\u003c/code\u003e\u003c/a\u003e feat!: upgrade to node24 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1188\"\u003e#1188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/5c625bfb5d1ff62eadeeb3772007f7f66fdcf071\"\u003e\u003ccode\u003e5c625bf\u003c/code\u003e\u003c/a\u003e chore(main): release 4.4.1 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1187\"\u003e#1187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/googleapis/release-please-action/commit/8bb7a2ed0f90c9802c83129a9488d235a1f31a7c\"\u003e\u003ccode\u003e8bb7a2e\u003c/code\u003e\u003c/a\u003e chore: build dist (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1186\"\u003e#1186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/ef9c2745dbfb629d38ebfafa3347a81ab2d51409\"\u003e\u003ccode\u003eef9c274\u003c/code\u003e\u003c/a\u003e fix: bump release-please from 17.1.3 to 17.3.0 (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1183\"\u003e#1183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/release-please-action/commit/64d83e95d898ede84e4555719aba555c3244d469\"\u003e\u003ccode\u003e64d83e9\u003c/code\u003e\u003c/a\u003e docs(README): add missing action inputs + package options (\u003ca href=\"https://redirect.github.com/googleapis/release-please-action/issues/1176\"\u003e#1176\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/googleapis/release-please-action/compare/16a9c90856f42705d54a6fda1823352bdc62cf38...45996ed1f6d02564a971a2fa1b5860e934307cf7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in 
\u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example 
versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/stale` from 10.2.0 to 10.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/stale/releases\"\u003eactions/stale's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnhancement: ignore stale labeling events by \u003ca href=\"https://github.com/shamoon\"\u003e\u003ccode\u003e@​shamoon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1311\"\u003eactions/stale#1311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade dependencies (\u003ccode\u003e@​actions/core\u003c/code\u003e, \u003ccode\u003e@​octokit/plugin-retry\u003c/code\u003e, \u003ca href=\"https://github.com/typescript-eslint\"\u003e\u003ccode\u003e@​typescript-eslint\u003c/code\u003e\u003c/a\u003e) by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/stale/pull/1335\"\u003eactions/stale#1335\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shamoon\"\u003e\u003ccode\u003e@​shamoon\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/stale/pull/1311\"\u003eactions/stale#1311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions...\n\n_Description has been truncated_","html_url":"https://github.com/nodejs/node-addon-api/pull/1736","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodejs%2Fnode-addon-api/issues/1736","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1736/packages"}},{"old_version":"2.19.1","new_version":"2.19.4","update_type":"patch","path":null,"pr_created_at":"2026-06-07T20:32:54.000Z","version_change":"2.19.1 → 2.19.4","issue":{"uuid":"4608632522","node_id":"PR_kwDOKjuSlM7jr5MT","number":321,"state":"open","title":"Bump the github-actions group across 1 directory with 5 
updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-07T20:32:54.000Z","updated_at":"2026-06-07T20:33:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"github-actions","update_count":5,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"pnpm/action-setup","old_version":"6.0.6","new_version":"6.0.8","repository_url":"https://github.com/pnpm/action-setup"},{"name":"changesets/action","old_version":"1.8.0","new_version":"1.9.0","repository_url":"https://github.com/changesets/action"},{"name":"github/codeql-action","old_version":"4.35.4","new_version":"4.36.2","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.1` | `2.19.4` |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |\n| [pnpm/action-setup](https://github.com/pnpm/action-setup) | `6.0.6` | `6.0.8` |\n| [changesets/action](https://github.com/changesets/action) | `1.8.0` | `1.9.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.4` | `4.36.2` |\n\n\nUpdates `step-security/harden-runner` from 2.19.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca 
href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca 
href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pnpm/action-setup` from 6.0.6 to 6.0.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pnpm/action-setup/releases\"\u003epnpm/action-setup's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs(README): fix \u003ccode\u003ecache_dependency_path\u003c/code\u003e type by \u003ca href=\"https://github.com/haines\"\u003e\u003ccode\u003e@​haines\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/257\"\u003epnpm/action-setup#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: drop patchPnpmEnv so standalone+self-update works on Windows by \u003ca href=\"https://github.com/zkochan\"\u003e\u003ccode\u003e@​zkochan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/258\"\u003epnpm/action-setup#258\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update pnpm to 11.1.1 by \u003ca href=\"https://github.com/mungodewar\"\u003e\u003ccode\u003e@​mungodewar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/248\"\u003epnpm/action-setup#248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mungodewar\"\u003e\u003ccode\u003e@​mungodewar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/248\"\u003epnpm/action-setup#248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pnpm/action-setup/compare/v6.0.7...v6.0.8\"\u003ehttps://github.com/pnpm/action-setup/compare/v6.0.7...v6.0.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: honor devEngines.packageManager.onFail=error (\u003ca 
href=\"https://redirect.github.com/pnpm/action-setup/issues/252\"\u003e#252\u003c/a\u003e) by \u003ca href=\"https://github.com/zkochan\"\u003e\u003ccode\u003e@​zkochan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/254\"\u003epnpm/action-setup#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: restore inputs from state in post by \u003ca href=\"https://github.com/haines\"\u003e\u003ccode\u003e@​haines\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/255\"\u003epnpm/action-setup#255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: self-update bootstrap to packageManager-pinned version (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/233\"\u003e#233\u003c/a\u003e) by \u003ca href=\"https://github.com/zkochan\"\u003e\u003ccode\u003e@​zkochan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/256\"\u003epnpm/action-setup#256\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haines\"\u003e\u003ccode\u003e@​haines\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pnpm/action-setup/pull/255\"\u003epnpm/action-setup#255\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pnpm/action-setup/compare/v6.0.6...v6.0.7\"\u003ehttps://github.com/pnpm/action-setup/compare/v6.0.6...v6.0.7\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/action-setup/commit/0e279bb959325dab635dd2c09392533439d90093\"\u003e\u003ccode\u003e0e279bb\u003c/code\u003e\u003c/a\u003e fix: update pnpm to 11.1.1 (\u003ca 
href=\"https://redirect.github.com/pnpm/action-setup/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/action-setup/commit/3e835812ef01165f4f8ae08ade56da44427ed4e0\"\u003e\u003ccode\u003e3e83581\u003c/code\u003e\u003c/a\u003e fix: drop patchPnpmEnv so standalone+self-update works on Windows (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/action-setup/commit/551b42e879e37e74d986effdd2a1647d2b02d464\"\u003e\u003ccode\u003e551b42e\u003c/code\u003e\u003c/a\u003e docs(README): fix \u003ccode\u003ecache_dependency_path\u003c/code\u003e type (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/257\"\u003e#257\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/action-setup/commit/739bfe42ca9233c5e6aca07c1a25a9d34aca49b0\"\u003e\u003ccode\u003e739bfe4\u003c/code\u003e\u003c/a\u003e fix: self-update bootstrap to packageManager-pinned version (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/233\"\u003e#233\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/256\"\u003e#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/action-setup/commit/f61705d907761b3b5209e83910fafd1fea50c5a1\"\u003e\u003ccode\u003ef61705d\u003c/code\u003e\u003c/a\u003e chore: add CODEOWNERS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pnpm/action-setup/commit/7a5507b117647ab83e96e9db317ba2234056ebf3\"\u003e\u003ccode\u003e7a5507b\u003c/code\u003e\u003c/a\u003e fix: restore inputs from state in post (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/pnpm/action-setup/commit/1155470f3e5fb872accd4d104b8dfcda41f676ce\"\u003e\u003ccode\u003e1155470\u003c/code\u003e\u003c/a\u003e fix: honor devEngines.packageManager.onFail=error (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/252\"\u003e#252\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pnpm/action-setup/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pnpm/action-setup/compare/91ab88e2619ed1f46221f0ba42d1492c02baf788...0e279bb959325dab635dd2c09392533439d90093\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `changesets/action` from 1.8.0 to 1.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/action/releases\"\u003echangesets/action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.9.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/636\"\u003e#636\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1\"\u003e\u003ccode\u003eb072bcc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! 
- Add a new \u003ccode\u003e@changesets/action/pr-comment\u003c/code\u003e sub-action to comment on PRs\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/625\"\u003e#625\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6\"\u003e\u003ccode\u003e8795eee\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Add a new \u003ccode\u003e@changesets/action/pr-status\u003c/code\u003e sub-action to generate the changeset status comment for PRs as an alternative to the \u003ca href=\"https://github.com/apps/changeset-bot\"\u003eChangesets Bot\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/535\"\u003e#535\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520\"\u003e\u003ccode\u003e34f64f6\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Fixed an issue with GitHub releases not being created for successfully published packages when \u003cem\u003esome\u003c/em\u003e packages failed to be published to the registry.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/632\"\u003e#632\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4\"\u003e\u003ccode\u003e1d54b9e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! 
- Simplify internal implementation to get changelog entries for a package version\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/629\"\u003e#629\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/e0c90aa7fbd0cc26931a679c5abe9bbc0deb0b50\"\u003e\u003ccode\u003ee0c90aa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Fix custom version and publish command argument parsing\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/645\"\u003e#645\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf\"\u003e\u003ccode\u003ef9585d9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Improved force-push handling when using \u003ccode\u003ecommitMode: \u0026quot;github-api\u0026quot;\u003c/code\u003e so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. 
This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/action/blob/main/CHANGELOG.md\"\u003echangesets/action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003e@​changesets/action\u003c/code\u003e\u003c/h1\u003e\n\u003ch2\u003e1.9.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/636\"\u003e#636\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1\"\u003e\u003ccode\u003eb072bcc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Add a new \u003ccode\u003e@changesets/action/pr-comment\u003c/code\u003e sub-action to comment on PRs\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/625\"\u003e#625\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6\"\u003e\u003ccode\u003e8795eee\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! 
- Add a new \u003ccode\u003e@changesets/action/pr-status\u003c/code\u003e sub-action to generate the changeset status comment for PRs as an alternative to the \u003ca href=\"https://github.com/apps/changeset-bot\"\u003eChangesets Bot\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/535\"\u003e#535\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520\"\u003e\u003ccode\u003e34f64f6\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Fixed an issue with GitHub releases not being created for successfully published packages when \u003cem\u003esome\u003c/em\u003e packages failed to be published to the registry.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/632\"\u003e#632\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4\"\u003e\u003ccode\u003e1d54b9e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Simplify internal implementation to get changelog entries for a package version\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/629\"\u003e#629\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/e0c90aa7fbd0cc26931a679c5abe9bbc0deb0b50\"\u003e\u003ccode\u003ee0c90aa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! 
- Fix custom version and publish command argument parsing\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/645\"\u003e#645\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf\"\u003e\u003ccode\u003ef9585d9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Improved force-push handling when using \u003ccode\u003ecommitMode: \u0026quot;github-api\u0026quot;\u003c/code\u003e so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/258\"\u003e#258\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d\"\u003e\u003ccode\u003ef5dbf72\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tom-sherman\"\u003e\u003ccode\u003e@​tom-sherman\u003c/code\u003e\u003c/a\u003e! - Support draft version PR modes with a new \u003ccode\u003eprDraft\u003c/code\u003e input. 
Use \u003ccode\u003ecreate\u003c/code\u003e to create new version PRs as drafts, or \u003ccode\u003ealways\u003c/code\u003e to also convert existing version PRs back to draft when updating them.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/502\"\u003e#502\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977\"\u003e\u003ccode\u003e6002dbd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/oshytiko\"\u003e\u003ccode\u003e@​oshytiko\u003c/code\u003e\u003c/a\u003e! - Fixed initial \u003ccode\u003e.changeset\u003c/code\u003e state being picked up, when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/536\"\u003e#536\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2\"\u003e\u003ccode\u003e81b3f61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/radnan\"\u003e\u003ccode\u003e@​radnan\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ccode\u003e.changeset\u003c/code\u003e state being picked for the version command when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/564\"\u003e#564\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/935fe876b0054dfc962ac86bcddf028460040d46\"\u003e\u003ccode\u003e935fe87\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! 
- Automatically use the GitHub-provided token to allow most users to avoid explicit \u003ccode\u003eGITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\u003c/code\u003e configuration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/545\"\u003e#545\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/54220dd92c06e7da112b139f95d8beb933e4cdde\"\u003e\u003ccode\u003e54220dd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ryanbas21\"\u003e\u003ccode\u003e@​ryanbas21\u003c/code\u003e\u003c/a\u003e! - The \u003ccode\u003e.npmrc\u003c/code\u003e generation now intelligently handles both traditional NPM token authentication and trusted publishing scenarios by only appending the auth token when \u003ccode\u003eNPM_TOKEN\u003c/code\u003e is defined. This prevents 'undefined' from being written to the registry configuration when using OIDC tokens from GitHub Actions trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/563\"\u003e#563\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6af4a7ec080d23ac6b304f69b67fd0aa92e089e7\"\u003e\u003ccode\u003e6af4a7e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! 
- Don't error on already committed symlinks and executables that stay untouched\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/558\"\u003e#558\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/342005d41242bccd9dd9ae8d3679efce96af48ae\"\u003e\u003ccode\u003e342005d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/harsha-venugopal-ledn\"\u003e\u003ccode\u003e@​harsha-venugopal-ledn\u003c/code\u003e\u003c/a\u003e! - Upgrade from Node.js 20 to Node.js 24 LTS\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d\"\u003e\u003ccode\u003ea45c4d5\u003c/code\u003e\u003c/a\u003e v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/b459b1eaa0a3889b4eea8af244304a64da6331ce\"\u003e\u003ccode\u003eb459b1e\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/changesets/action/issues/637\"\u003e#637\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf\"\u003e\u003ccode\u003ef9585d9\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003e@changesets/ghcommit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/changesets/action/issues/645\"\u003e#645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/020e8cc600a1e7e7b8b843654902f043f32387ea\"\u003e\u003ccode\u003e020e8cc\u003c/code\u003e\u003c/a\u003e Use internal bot for versioning 
(\u003ca href=\"https://redirect.github.com/changesets/action/issues/643\"\u003e#643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1\"\u003e\u003ccode\u003eb072bcc\u003c/code\u003e\u003c/a\u003e Add simple PR comment sub-action (\u003ca href=\"https://redirect.github.com/changesets/action/issues/636\"\u003e#636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6\"\u003e\u003ccode\u003e8795eee\u003c/code\u003e\u003c/a\u003e Comment changeset status in PRs (\u003ca href=\"https://redirect.github.com/changesets/action/issues/625\"\u003e#625\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520\"\u003e\u003ccode\u003e34f64f6\u003c/code\u003e\u003c/a\u003e Fixed an issue with GitHub releases not being created for successfully publis...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4\"\u003e\u003ccode\u003e1d54b9e\u003c/code\u003e\u003c/a\u003e Simplify getChangelogEntry (\u003ca href=\"https://redirect.github.com/changesets/action/issues/632\"\u003e#632\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/031358f743b5a6199bd7a39bdc8b469280983df9\"\u003e\u003ccode\u003e031358f\u003c/code\u003e\u003c/a\u003e Update to typescript v6 (\u003ca href=\"https://redirect.github.com/changesets/action/issues/633\"\u003e#633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/a0c05f7a4b1df776543903d7dca8e39cd787b30a\"\u003e\u003ccode\u003ea0c05f7\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​changesets/changelog-github\u003c/code\u003e from 0.5.2 to 0.7.0 (\u003ca 
href=\"https://redirect.github.com/changesets/action/issues/620\"\u003e#620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/changesets/action/compare/63a615b9cd06ba9a3e6d13796c7fbcb080a60a0b...a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.4 to 4.36.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.2 - 04 Jun 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003e\u003ccode\u003e8aad20d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3949\"\u003e#3949\u003c/a\u003e from github/update-v4.36.2-dcb947ce1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f521b08cd8f468ab193ea950a589cb2e9c869c6a\"\u003e\u003ccode\u003ef521b08\u003c/code\u003e\u003c/a\u003e Add additional changelog notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8aeff0ffb7b78582ee0d0e6eebb8140684400d08\"\u003e\u003ccode\u003e8aeff0f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dcb947ce15976d40ea82935510b2db4872ec124c\"\u003e\u003ccode\u003edcb947c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3948\"\u003e#3948\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c251bcefa178f7780f62f150002acffe3d07fde9\"\u003e\u003ccode\u003ec251bce\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/62953c18b35f59e28351d2f1e806925aef8b1e3c\"\u003e\u003ccode\u003e62953c1\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.6\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/github/codeql-action/commit/423b570baf1976cd7a3daeba5d6e9f9b76432f37\"\u003e\u003ccode\u003e423b570\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3946\"\u003e#3946\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-5d507a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c35d1b164463ee62a100735382aaaa525c5d3496\"\u003e\u003ccode\u003ec35d1b1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3947\"\u003e#3947\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/cb1a588b02755b176e7b9d033ed4b69312f0e1bd\"\u003e\u003ccode\u003ecb1a588\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3937\"\u003e#3937\u003c/a\u003e from github/robertbrignull/waitForProcessing_backoff\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ba47406412c54532b5b4fcfbaf877c9e2382b206\"\u003e\u003ccode\u003eba47406\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3943\"\u003e#3943\u003c/a\u003e from github/henrymercer/cache-cli-version-info\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...8aad20d150bbac5944a9f9d289da16a4b0d87c1e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore 
conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/zemd/eslint-flat-config/pull/321","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/zemd%2Feslint-flat-config/issues/321","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/321/packages"}},{"old_version":"2.12.0","new_version":"2.19.4","update_type":"minor","path":null,"pr_created_at":"2026-06-06T17:10:05.000Z","version_change":"2.12.0 → 2.19.4","issue":{"uuid":"4604427694","node_id":"PR_kwDOSgCO287je4R_","number":33,"state":"closed","title":"chore(deps): bump step-security/harden-runner from 2.12.0 to 2.19.4","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-08T01:25:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-06T17:10:05.000Z","updated_at":"2026-06-08T01:25:40.000Z","time_to_close":116133,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"step-security/harden-runner","old_version":"2.12.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.12.0 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect 
\u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/0634a2670c59f64b4a01f0f96f84700a4088b9f0...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner\u0026package-manager=github_actions\u0026previous-version=2.12.0\u0026new-version=2.19.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Moelgenady/DevOps-HiveBox/pull/33","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Moelgenady%2FDevOps-HiveBox/issues/33","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/33/packages"}},{"old_version":"2.19.0","new_version":"2.19.4","update_type":"patch","path":null,"pr_created_at":"2026-06-05T06:49:58.000Z","version_change":"2.19.0 → 2.19.4","issue":{"uuid":"4594881493","node_id":"PR_kwDOSRkdbM7i_lat","number":31,"state":"closed","title":"Bump the dependencies group across 1 directory with 11 
updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-12T06:50:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-05T06:49:58.000Z","updated_at":"2026-06-12T06:50:17.000Z","time_to_close":604817,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dependencies","update_count":11,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"fluxcd/flux2","old_version":"2.8.6","new_version":"2.8.8","repository_url":"https://github.com/fluxcd/flux2"},{"name":"step-security/semver-utils","old_version":"4.3.2","new_version":"5.0.0","repository_url":"https://github.com/step-security/semver-utils"},{"name":"step-security/close-milestone","old_version":"2.2.1","new_version":"2.2.2","repository_url":"https://github.com/step-security/close-milestone"},{"name":"sigstore/cosign-installer","old_version":"4.1.1","new_version":"4.1.2","repository_url":"https://github.com/sigstore/cosign-installer"},{"name":"docker/login-action","old_version":"4.1.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"docker/setup-qemu-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-qemu-action"},{"name":"docker/setup-buildx-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"7.1.0","new_version":"7.2.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"securego/gosec","old_version":"2.25.0","new_version":"2.27.1","repository_url":"https://github.com/se
curego/gosec"}],"path":null,"ecosystem":"actions"},"body":"Bumps the dependencies group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.0` | `2.19.4` |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |\n| [fluxcd/flux2](https://github.com/fluxcd/flux2) | `2.8.6` | `2.8.8` |\n| [step-security/semver-utils](https://github.com/step-security/semver-utils) | `4.3.2` | `5.0.0` |\n| [step-security/close-milestone](https://github.com/step-security/close-milestone) | `2.2.1` | `2.2.2` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` |\n| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |\n| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.1.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` |\n| [securego/gosec](https://github.com/securego/gosec) | `2.25.0` | `2.27.1` |\n\n\nUpdates `step-security/harden-runner` from 2.19.0 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect 
\u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies; see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca 
href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fluxcd/flux2` from 2.8.6 to 2.8.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fluxcd/flux2/releases\"\u003efluxcd/flux2's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.8\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eFlux v2.8.8 is a patch release that includes CVE fixes via go-git v5.19.1 (source-controller, image-automation-controller), reliability fixes in helm-controller and source-controller, the move of Helm back to upstream v4.2.0, support for GCP sovereign cloud artifact registries, and dependency updates. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eℹ️ Please follow the \u003ca href=\"https://github.com/fluxcd/flux2/discussions/5572\"\u003eUpgrade Procedure for Flux v2.7+\u003c/a\u003e for a smooth upgrade from Flux v2.6 to the latest version.\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a configurable HTTP timeout for artifact fetching, preventing fetches that could block indefinitely and stall reconciliations (helm-controller)\u003c/li\u003e\n\u003cli\u003eFix unbounded memory growth caused by a Kubernetes client transport retry wrapper accumulating on every reconcile (helm-controller)\u003c/li\u003e\n\u003cli\u003eStop force-applying non-CRD objects placed under a chart's \u003ccode\u003ecrds/\u003c/code\u003e directory (helm-controller)\u003c/li\u003e\n\u003cli\u003eFix the Helm test action failing to find releases with names longer than 53 characters (helm-controller)\u003c/li\u003e\n\u003cli\u003eImprove path handling in the source reconcilers (source-controller)\u003c/li\u003e\n\u003cli\u003eSupport Helm semver build-metadata encoding in OCIRepository tags (source-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate go-git to v5.19.1 which fixes \u003ca href=\"https://github.com/advisories/GHSA-crhj-59gh-8x96\"\u003eCVE-2026-45571\u003c/a\u003e and \u003ca href=\"https://github.com/advisories/GHSA-m7cr-m3pv-hgrp\"\u003eCVE-2026-45570\u003c/a\u003e 
(source-controller, image-automation-controller)\u003c/li\u003e\n\u003cli\u003eMove Helm back to upstream v4.2.0 (source-controller, helm-controller)\u003c/li\u003e\n\u003cli\u003eAdd support for GCP sovereign cloud artifact registries (source-controller, image-reflector-controller)\u003c/li\u003e\n\u003cli\u003eUpgrade Kubernetes to 1.36.1 (source-controller, helm-controller)\u003c/li\u003e\n\u003cli\u003eUpdate fluxcd/pkg dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eComponents changelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehelm-controller \u003ca href=\"https://github.com/fluxcd/helm-controller/blob/v1.5.5/CHANGELOG.md\"\u003ev1.5.5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimage-automation-controller \u003ca href=\"https://github.com/fluxcd/image-automation-controller/blob/v1.1.4/CHANGELOG.md\"\u003ev1.1.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimage-reflector-controller \u003ca href=\"https://github.com/fluxcd/image-reflector-controller/blob/v1.1.2/CHANGELOG.md\"\u003ev1.1.2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esource-controller \u003ca href=\"https://github.com/fluxcd/source-controller/blob/v1.8.5/CHANGELOG.md\"\u003ev1.8.5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate toolkit components by \u003ca href=\"https://github.com/fluxcdbot\"\u003e\u003ccode\u003e@​fluxcdbot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fluxcd/flux2/pull/5904\"\u003efluxcd/flux2#5904\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8\"\u003ehttps://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.7\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eFlux v2.8.7 is a patch release that includes a bug fix in kustomize-controller, a CVE fix in 
source-controller and image-automation-controller via go-git v5.19.0, and dependency updates. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eℹ️ Please follow the \u003ca href=\"https://github.com/fluxcd/flux2/discussions/5572\"\u003eUpgrade Procedure for Flux v2.7+\u003c/a\u003e for a smooth upgrade from Flux v2.6 to the latest version.\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix management of objects annotated with \u003ccode\u003ekustomize.toolkit.fluxcd.io/ssa: IfNotPresent\u003c/code\u003e where non-namespaced resources were being deleted and recreated on each reconciliation (kustomize-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate go-git to v5.19.0 which fixes \u003ca href=\"https://github.com/advisories/GHSA-389r-gv7p-r3rp\"\u003eCVE-2026-45022\u003c/a\u003e (source-controller, image-automation-controller)\u003c/li\u003e\n\u003cli\u003eUpdate fluxcd/pkg dependencies (source-controller, kustomize-controller, image-automation-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eComponents changelog\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/1fd61a06264d71cf445ed55c4f14d401d26a1c64\"\u003e\u003ccode\u003e1fd61a0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5904\"\u003e#5904\u003c/a\u003e from fluxcd/update-components-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/477f048ec0c3c47ce402c5be45cb67b9b2b84386\"\u003e\u003ccode\u003e477f048\u003c/code\u003e\u003c/a\u003e Update toolkit components\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/0acfaa26c6219cb08e3add4432b981436b2a4f49\"\u003e\u003ccode\u003e0acfaa2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5899\"\u003e#5899\u003c/a\u003e from fluxcd/update-pkg-deps/release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/264957f40bef9d139323341e7466548ebba17c27\"\u003e\u003ccode\u003e264957f\u003c/code\u003e\u003c/a\u003e Update fluxcd/pkg dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/54e4ba378e155ada619caafdc599e5c4d759ce5c\"\u003e\u003ccode\u003e54e4ba3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5891\"\u003e#5891\u003c/a\u003e from fluxcd/update-components-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/d2fbb16656555a93adfb5aa0ec7ca145919acacb\"\u003e\u003ccode\u003ed2fbb16\u003c/code\u003e\u003c/a\u003e Update toolkit components\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/66533d7c9027618340b96e7a925cbef4f43f4dfc\"\u003e\u003ccode\u003e66533d7\u003c/code\u003e\u003c/a\u003e Merge pull 
request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5882\"\u003e#5882\u003c/a\u003e from fluxcd/backport-5881-to-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/7ac36233f338adf90eb7546533f87c23a32d50fc\"\u003e\u003ccode\u003e7ac3623\u003c/code\u003e\u003c/a\u003e include source-watcher in install manifests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fluxcd/flux2/compare/04acaec6161ac4fb1a82ffafa88901c03271d34f...1fd61a06264d71cf445ed55c4f14d401d26a1c64\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/semver-utils` from 4.3.2 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/semver-utils/releases\"\u003estep-security/semver-utils's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/220\"\u003estep-security/semver-utils#220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/221\"\u003estep-security/semver-utils#221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade packages to fix vulnerabilities by \u003ca href=\"https://github.com/Raj-StepSecurity\"\u003e\u003ccode\u003e@​Raj-StepSecurity\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/semver-utils/pull/222\"\u003estep-security/semver-utils#222\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/223\"\u003estep-security/semver-utils#223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/224\"\u003estep-security/semver-utils#224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Remove guarddog.yml by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/225\"\u003estep-security/semver-utils#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/227\"\u003estep-security/semver-utils#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add claude review workflow by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/228\"\u003estep-security/semver-utils#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: added banner and update subscription check to make maintained actions free for public repos by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/semver-utils/pull/226\"\u003estep-security/semver-utils#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/175\"\u003estep-security/semver-utils#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/202\"\u003estep-security/semver-utils#202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.3 to 4.35.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/218\"\u003estep-security/semver-utils#218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/dependency-review-action from 4.1.3 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/209\"\u003estep-security/semver-utils#209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Update auto cherry-pick workflow by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/230\"\u003estep-security/semver-utils#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Cherry-picked changes from upstream by \u003ca 
href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/229\"\u003estep-security/semver-utils#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/225\"\u003estep-security/semver-utils#225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/semver-utils/compare/v4...v5.0.0\"\u003ehttps://github.com/step-security/semver-utils/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/5bb182a08240146b23b61cc002cb74004377da4b\"\u003e\u003ccode\u003e5bb182a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/229\"\u003e#229\u003c/a\u003e from step-security/auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/57d3f51f108d62d579217a48d6ea0098e9a183ee\"\u003e\u003ccode\u003e57d3f51\u003c/code\u003e\u003c/a\u003e chore: Bump version in package.json and lock file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/6ac856db625c45a3598e902d3d41ff82e6c6225b\"\u003e\u003ccode\u003e6ac856d\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/semver-utils/commit/b36e30950176cfdc82294700f613aa2bcffe72f0\"\u003e\u003ccode\u003eb36e309\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/230\"\u003e#230\u003c/a\u003e from step-security/fix-auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/385280376f65b1dfeedc496f98d305d0b42ab1a0\"\u003e\u003ccode\u003e3852803\u003c/code\u003e\u003c/a\u003e fix: Update auto cherry-pick workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/dbfcfd87d115b9a32284e1b53930aae83c1820e5\"\u003e\u003ccode\u003edbfcfd8\u003c/code\u003e\u003c/a\u003e chore: Cherry-pick changes from upstream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/ecb04aec3bade353524b29c14ba3579d7c45779c\"\u003e\u003ccode\u003eecb04ae\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/ba69ca4900a31d80c7f4d9556f25e85777cbcaa7\"\u003e\u003ccode\u003eba69ca4\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/6f8e4f9839152d933a82fe6bdf6802d389b120d7\"\u003e\u003ccode\u003e6f8e4f9\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/semver-utils/commit/9e44e9ebb00a2d5a1d8ef8886eb5c2a809949843\"\u003e\u003ccode\u003e9e44e9e\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/semver-utils/compare/4ae9c1fd6d1c5f8f152fe7e2efe8069a952c2ace...5bb182a08240146b23b61cc002cb74004377da4b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/close-milestone` from 2.2.1 to 2.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/close-milestone/releases\"\u003estep-security/close-milestone's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/109\"\u003estep-security/close-milestone#109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/125\"\u003estep-security/close-milestone#125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/126\"\u003estep-security/close-milestone#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/127\"\u003estep-security/close-milestone#127\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/128\"\u003estep-security/close-milestone#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/129\"\u003estep-security/close-milestone#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/130\"\u003estep-security/close-milestone#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/131\"\u003estep-security/close-milestone#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/132\"\u003estep-security/close-milestone#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/133\"\u003estep-security/close-milestone#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/134\"\u003estep-security/close-milestone#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade packages to fix vulnerabilities by \u003ca href=\"https://github.com/Raj-StepSecurity\"\u003e\u003ccode\u003e@​Raj-StepSecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/135\"\u003estep-security/close-milestone#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/136\"\u003estep-security/close-milestone#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/137\"\u003estep-security/close-milestone#137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/138\"\u003estep-security/close-milestone#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Remove guarddog.yml by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/139\"\u003estep-security/close-milestone#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/141\"\u003estep-security/close-milestone#141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/142\"\u003estep-security/close-milestone#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: create claude_review.yml by \u003ca href=\"https://github.com/amanstep\"\u003e\u003ccode\u003e@​amanstep\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/143\"\u003estep-security/close-milestone#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: added banner and update subscription check to make maintained actions free for public repos by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/140\"\u003estep-security/close-milestone#140\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/139\"\u003estep-security/close-milestone#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amanstep\"\u003e\u003ccode\u003e@​amanstep\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/143\"\u003estep-security/close-milestone#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/close-milestone/compare/v2...v2.2.2\"\u003ehttps://github.com/step-security/close-milestone/compare/v2...v2.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/d6e3b63e31f1f869bd3d0403f8cdc1a68f59ab4a\"\u003e\u003ccode\u003ed6e3b63\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/140\"\u003e#140\u003c/a\u003e from step-security/feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/863f964626093731ac2c636fa7dc5ff3d2644274\"\u003e\u003ccode\u003e863f964\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/e1b596a61a6ecc976f5da769dd6d7fa404a0d678\"\u003e\u003ccode\u003ee1b596a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/143\"\u003e#143\u003c/a\u003e from 
step-security/amanstep-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/46baafa0c6c0df51b9d34812be4ae404ccbd2e46\"\u003e\u003ccode\u003e46baafa\u003c/code\u003e\u003c/a\u003e format: fixed formatting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/6bc6bcafec2bf2bebc8ab86081cdd0b8f2630caf\"\u003e\u003ccode\u003e6bc6bca\u003c/code\u003e\u003c/a\u003e ci: create claude_review.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/e988771562706195b18b9441460b11d785b5904d\"\u003e\u003ccode\u003ee988771\u003c/code\u003e\u003c/a\u003e chore: dist updated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/07bcad02d188d4bdc830f6403f27aa3a63d9230e\"\u003e\u003ccode\u003e07bcad0\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/bde7f30187b35ad62a306764515a07135f09a465\"\u003e\u003ccode\u003ebde7f30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/142\"\u003e#142\u003c/a\u003e from step-security/npm-audit-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/c147b794f062d8a0fa8066b154701c8dda26b2ca\"\u003e\u003ccode\u003ec147b79\u003c/code\u003e\u003c/a\u003e fix: apply audit fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/5e1530b9f64d08ab27a6804b967af5a24b50792d\"\u003e\u003ccode\u003e5e1530b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/141\"\u003e#141\u003c/a\u003e from step-security/npm-audit-fix\u003c/li\u003e\n\u003cli\u003eAdditional commits 
viewable in \u003ca href=\"https://github.com/step-security/close-milestone/compare/b097272a7aaa0f5c40dc6bc671d45d35c5e85b51...d6e3b63e31f1f869bd3d0403f8cdc1a68f59ab4a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigstore/cosign-installer` from 4.1.1 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign-installer/releases\"\u003esigstore/cosign-installer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.6 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/232\"\u003esigstore/cosign-installer#232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003e\u003ccode\u003e6f9f177\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.6 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/b5e753ae2d39589c7b38850b463739151fc67f07\"\u003e\u003ccode\u003eb5e753a\u003c/code\u003e\u003c/a\u003e Bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/230\"\u003e#230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/115e4ce455e573aa6e9ba51e8d040ddd5c1378af\"\u003e\u003ccode\u003e115e4ce\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.3.0 to 6.4.0 (\u003ca 
href=\"https://redirect.github.com/sigstore/cosign-installer/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 4.1.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca 
href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 
3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-qemu-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-qemu-action/releases\"\u003edocker/setup-qemu-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ereset\u003c/code\u003e input to uninstall current emulators by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/21\"\u003edocker/setup-qemu-action#21\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.91.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/250\"\u003edocker/setup-qemu-action#250\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/247\"\u003edocker/setup-qemu-action#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.15 in \u003ca 
href=\"https://redirect.github.com/docker/setup-qemu-action/pull/265\"\u003edocker/setup-qemu-action#265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/286\"\u003edocker/setup-qemu-action#286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/255\"\u003edocker/setup-qemu-action#255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/257\"\u003edocker/setup-qemu-action#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.15 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/254\"\u003edocker/setup-qemu-action#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/262\"\u003edocker/setup-qemu-action#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/273\"\u003edocker/setup-qemu-action#273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/285\"\u003edocker/setup-qemu-action#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/287\"\u003edocker/setup-qemu-action#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tmp from 0.2.5 to 0.2.6 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/291\"\u003edocker/setup-qemu-action#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.26.0 in \u003ca 
href=\"https://redirect.github.com/docker/setup-qemu-action/pull/251\"\u003edocker/setup-qemu-action#251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/271\"\u003edocker/setup-qemu-action#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/06116385d9baf250c9f4dcb4858b16962ea869c3\"\u003e\u003ccode\u003e0611638\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/21\"\u003e#21\u003c/a\u003e from crazy-max/uninst\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/ce59c818a5ff16552ddf7407ee7cb00bea682925\"\u003e\u003ccode\u003ece59c81\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/2ddad4401e17fa807e8a3c4bd289ccdd993f0868\"\u003e\u003ccode\u003e2ddad44\u003c/code\u003e\u003c/a\u003e uninstall current emulators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/8c37cd6f3456e1f3f3026250eac496709e9e7e10\"\u003e\u003ccode\u003e8c37cd6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/250\"\u003e#250\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/setup-qemu-action/commit/d1a0ff34af591b8e290e46f3fa114ef5bb81cd1c\"\u003e\u003ccode\u003ed1a0ff3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/0a8f3dc12541cc2c3b19c182a1a2c90a2c8b8d93\"\u003e\u003ccode\u003e0a8f3dc\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.91.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/9430f61a7691bd1bfdc4d6ba70e558659d36fa7a\"\u003e\u003ccode\u003e9430f61\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/291\"\u003e#291\u003c/a\u003e from docker/dependabot/npm_and_yarn/tmp-0.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/978bd7796cb6698377e7af6726b726e5ced642d0\"\u003e\u003ccode\u003e978bd77\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/3479febc62cc0fbcb98c7c7fc0dac778c0d79d6a\"\u003e\u003ccode\u003e3479feb\u003c/code\u003e\u003c/a\u003e build(deps): bump tmp from 0.2.5 to 0.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/b113c264143c28c2974bed61af25be32d32f4782\"\u003e\u003ccode\u003eb113c26\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/255\"\u003e#255\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/ce360397dd3f832beb865e1373c09c0e9f86d70a...06116385d9baf250c9f4dcb4858b16962ea869c3\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/489\"\u003edocker/setup-buildx-action#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/547\"\u003edocker/setup-buildx-action#547\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/508\"\u003edocker/setup-buildx-action#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/540\"\u003edocker/setup-buildx-action#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/496\"\u003edocker/setup-buildx-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/499\"\u003edocker/setup-buildx-action#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 13.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/495\"\u003edocker/setup-buildx-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca 
href=\"https://redirect.github.com/docker/setup-buildx-action/pull/504\"\u003edocker/setup-buildx-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/523\"\u003edocker/setup-buildx-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/503\"\u003edocker/setup-buildx-action#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/537\"\u003edocker/setup-buildx-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/545\"\u003edocker/setup-buildx-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/492\"\u003edocker/setup-buildx-action#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/520\"\u003edocker/setup-buildx-action#520\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003e\u003ccode\u003ed7f5e7f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/docker/setup-buildx-action/issues/489\"\u003e#489\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/92bc5c9777806d0a73d9d668ba2114fa1177f164\"\u003e\u003ccode\u003e92bc5c9\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/da11e35abee0f20cb4f1c1b7c461d37c29be52f5\"\u003e\u003ccode\u003eda11e35\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/f021e162ef95b6fba51af1c6674f537f25bce851\"\u003e\u003ccode\u003ef021e16\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/492\"\u003e#492\u003c/a\u003e from docker/dependabot/npm_and_yarn/undici-6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b5af94fab700aee0c64d6077e0e34ae987815b67\"\u003e\u003ccode\u003eb5af94f\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/16ad9776a801d0c47f0a05f007b88a3789aa8ab6\"\u003e\u003ccode\u003e16ad977\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 6.23.0 to 6.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7a12d7df895b33bd02a9b4bf62a12f2b9a24458\"\u003e\u003ccode\u003ed7a12d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/495\"\u003e#495\u003c/a\u003e from docker/dependabot/npm_and_yarn/glob-10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/setup-buildx-action/commit/28ff27de4eed7518d361591f2cd1dfb69c34a7cb\"\u003e\u003ccode\u003e28ff27d\u003c/code\u003e\u003c/a\u003e build(deps): bump glob from 10.3.12 to 13.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/daf436b50e13d9053b9730cbc16516891878b019\"\u003e\u003ccode\u003edaf436b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/496\"\u003e#496\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/9725348367859764880f2f2e688a6b0c353e3f35\"\u003e\u003ccode\u003e9725348\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 7.1.0 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca 
href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003e\u003ccode\u003ef9f3042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1517\"\u003e#1517\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-t...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/build-push-action/commit/812d5fd9212a4c5d419e5be02fd8e9bb435c5d76\"\u003e\u003ccode\u003e812d5fd\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/b6f66930769f2917a3275dc4d81f15583ac7e105\"\u003e\u003ccode\u003eb6f6693\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/c1c626eced73a500ec65c4256c620b3b9e8278c0\"\u003e\u003ccode\u003ec1c626e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1525\"\u003e#1525\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/51bb284cd4d05650aa6f5e4e22cb96d2cbfe62b7\"\u003e\u003ccode\u003e51bb284\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/5f7884def8f133e8ef40c53d003d1471c05621c6\"\u003e\u003ccode\u003e5f7884d\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/e01deff7d956c756a20f3e19ff7ddc0e4a50fc1d\"\u003e\u003ccode\u003ee01deff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1521\"\u003e#1521\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/3804d497934b39bd591ee9d1c6c9e593b4488a67\"\u003e\u003ccode\u003e3804d49\u003c/code\u003e\u003c/a\u003e chore: update generated 
content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/71e8947aac5dad23ce83a43e9c98f750e02de2f3\"\u003e\u003ccode\u003e71e8947\u003c/code\u003e\u003c/a\u003e chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/4925ad24cdbc42ff492d76cf9fe7a30b79976b60\"\u003e\u003ccode\u003e4925ad2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1526\"\u003e#1526\u003c/a\u003e from docker/dependabot/npm_and_yarn/postcss-8.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/build-push-action/compare/bcafcacb16a39f128d818304e6c9c0c18556b85f...f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `securego/gosec` from 2.25.0 to 2.27.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/securego/gosec/releases\"\u003esecurego/gosec's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.27.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889 Downgrade google lib to avoid min Go version bump (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1687\"\u003e#1687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.27.0\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e0a5c6504c46569257663726ac54c7cfdad42e846 Downgrade the jsonschema dep to v0.13.0 due to incompatibility with anthropick-sdk-go (\u003ca 
href=\"https://redirect.github.com/securego/gosec/issues/1686\"\u003e#1686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb48e668764ca9fd826a7b84c9e9194af3227fade Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1685\"\u003e#1685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebd17b2589eb634e511b352f14fc30cb40863eefe Downgrade the github.com/invopop/jsonschema v0.13.0 to solve incopatibility with anthropic-sdk (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1683\"\u003e#1683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec6f8c3d9a75d897612c7beb55007ac5f29b2e3a2 Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1682\"\u003e#1682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5676cbccda635b33fab15bb85e32b2e741c9372f Update vulnerabilities alerts for indirect dependencies\u003c/li\u003e\n\u003cli\u003ece167d4a37bc5fe3f49bb9be3209f9759b69ff6f Pin dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1681\"\u003e#1681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e74b726dfcebf218a1984a51b44fe962aecef5921 Skip pining for my repos\u003c/li\u003e\n\u003cli\u003ea68f8825bfa51b46cc517a5cd8baf4848e03a8d1 Update renovate configuration\u003c/li\u003e\n\u003cli\u003e2f8791bad7bf8f6a11f0b29e41aec54ddb9fcb0b Fix typo\u003c/li\u003e\n\u003cli\u003ead3778a7be907bf4e5cf5ed5c63333a377f3fb3b Update branch config in renovate config\u003c/li\u003e\n\u003cli\u003eb1583fe2f3ffb41074cb11996e58ca554c6c04e7 Migrate config renovate.json (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1678\"\u003e#1678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e139e33d474374c8e26a0e480f077526e131f43bb Update renovate to refresh the branch creation\u003c/li\u003e\n\u003cli\u003ef3c03ebb7f077f9b9ddfc64f710e0a2d2e92ded4 Update the renovate branch prefix\u003c/li\u003e\n\u003cli\u003e85814f2e3964a6d38aeb6e6002ac9268c16fcab5 Update renovate config to pin the actions dependencies by 
digests (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1676\"\u003e#1676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e55f051973281b15900b2b8b30aaf467a7b9127ea Migrate the html remport to react v19. (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1675\"\u003e#1675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e6ad4476d269895a4a9b77883b3e3503f7e5e4103 Manually update version to fix renovate (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1674\"\u003e#1674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e8f88312a5f80dbf04d2248d75c372d165e54e589 feat: integrate Atlas Cloud provider (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1672\"\u003e#1672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e6351b0c6fcc7d75acb230a9be7f9047aada322ae Refactor error position parsing to support path with colon. (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1673\"\u003e#1673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ede65614d10a6b84029e3e1215567b8ce7e490f23 Add two options to require rule ID and justificaiton for inline annotations (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1671\"\u003e#1671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ee354c572d957eb8bf63481cc9ba2704b58a6ae35 Fix false positive in G118 when cancel is stored in a slice/map (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1670\"\u003e#1670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4161f0b4333859990584c9fb3fd377a892eaf477 chore(go): update supported Go versions to 1.25.10 and 1.26.3 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb4f29347566880540afec8205b633d2859377cec Harden the github workflows and action (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1665\"\u003e#1665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb7aca268861108d4446959fa92d2fe808eb7aa6f Fix justification delimiter in annotation 
format doc (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1661\"\u003e#1661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e945bce72d26a794e25a122d87527d063bf887903 Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1664\"\u003e#1664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5f4eec95fa28ce5dc6cf555de8c242cb57545f01 Update action to use gosec version v2.26.1 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.26.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4a3bd8af174872c778439083ded7adbf3747e770 Update cosign to v3.0.6 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889\"\u003e\u003ccode\u003e9e6a984\u003c/code\u003e\u003c/a\u003e Downgrade google lib to avoid min Go version bump (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1687\"\u003e#1687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/0a5c6504c46569257663726ac54c7cfdad42e846\"\u003e\u003ccode\u003e0a5c650\u003c/code\u003e\u003c/a\u003e Downgrade the jsonschema dep to v0.13.0 due to incompatibility with anthropic...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/b48e668764ca9fd826a7b84c9e9194af3227fade\"\u003e\u003ccode\u003eb48e668\u003c/code\u003e\u003c/a\u003e Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1685\"\u003e#1685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/securego/gosec/commit/bd17b2589eb634e511b352f14fc30cb40863eefe\"\u003e\u003ccode\u003ebd17b25\u003c/code\u003e\u003c/a\u003e Downgrade the github.com/invopop/jsonschema v0.13.0 to solve incopatibility w...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/c6f8c3d9a75d897612c7beb55007ac5f29b2e3a2\"\u003e\u003ccode\u003ec6f8c3d\u003c/code\u003e\u003c/a\u003e Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1682\"\u003e#1682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/5676cbccda635b33fab15bb85e32b2e741c9372f\"\u003e\u003ccode\u003e5676cbc\u003c/code\u003e\u003c/a\u003e Update vulnerabilities alerts for indirect dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/ce167d4a37bc5fe3f49bb9be3209f9759b69ff6f\"\u003e\u003ccode\u003ece167d4\u003c/code\u003e\u003c/a\u003e Pin dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1681\"\u003e#1681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/74b726dfcebf218a1984a51b44fe962aecef5921\"\u003e\u003ccode\u003e74b726d\u003c/code\u003e\u003c/a\u003e Skip pining for my repos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/a68f8825bfa51b46cc517a5cd8baf4848e03a8d1\"\u003e\u003ccode\u003ea68f882\u003c/code\u003e\u003c/a\u003e Update renovate configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/2f8791bad7bf8f6a11f0b29e41aec54ddb9fcb0b\"\u003e\u003ccode\u003e2f8791b\u003c/code\u003e\u003c/a\u003e Fix typo\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/securego/gosec/compare/223e19b8856e00f02cc67804499a83f77e208f3c...9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e m...\n\n_Description has been truncated_","html_url":"https://github.com/oyakhilo20/hiero-mirror-node--020/pull/31","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/oyakhilo20%2Fhiero-mirror-node--020/issues/31","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/31/packages"}},{"old_version":"2.19.0","new_version":"2.19.4","update_type":"patch","path":null,"pr_created_at":"2026-06-05T06:12:00.000Z","version_change":"2.19.0 → 2.19.4","issue":{"uuid":"4594679036","node_id":"PR_kwDOSRkwp87i-7gI","number":31,"state":"closed","title":"Bump the dependencies group across 1 directory with 11 
updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-12T06:12:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-05T06:12:00.000Z","updated_at":"2026-06-12T06:12:28.000Z","time_to_close":604826,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dependencies","update_count":11,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"fluxcd/flux2","old_version":"2.8.6","new_version":"2.8.8","repository_url":"https://github.com/fluxcd/flux2"},{"name":"step-security/semver-utils","old_version":"4.3.2","new_version":"5.0.0","repository_url":"https://github.com/step-security/semver-utils"},{"name":"step-security/close-milestone","old_version":"2.2.1","new_version":"2.2.2","repository_url":"https://github.com/step-security/close-milestone"},{"name":"sigstore/cosign-installer","old_version":"4.1.1","new_version":"4.1.2","repository_url":"https://github.com/sigstore/cosign-installer"},{"name":"docker/login-action","old_version":"4.1.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"docker/setup-qemu-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-qemu-action"},{"name":"docker/setup-buildx-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"7.1.0","new_version":"7.2.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"securego/gosec","old_version":"2.25.0","new_version":"2.27.1","repository_url":"https://github.com/se
curego/gosec"}],"path":null,"ecosystem":"actions"},"body":"Bumps the dependencies group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.0` | `2.19.4` |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |\n| [fluxcd/flux2](https://github.com/fluxcd/flux2) | `2.8.6` | `2.8.8` |\n| [step-security/semver-utils](https://github.com/step-security/semver-utils) | `4.3.2` | `5.0.0` |\n| [step-security/close-milestone](https://github.com/step-security/close-milestone) | `2.2.1` | `2.2.2` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` |\n| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |\n| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.1.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` |\n| [securego/gosec](https://github.com/securego/gosec) | `2.25.0` | `2.27.1` |\n\n\nUpdates `step-security/harden-runner` from 2.19.0 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect 
\u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies; see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca 
href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fluxcd/flux2` from 2.8.6 to 2.8.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fluxcd/flux2/releases\"\u003efluxcd/flux2's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.8\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eFlux v2.8.8 is a patch release that includes CVE fixes via go-git v5.19.1 (source-controller, image-automation-controller), reliability fixes in helm-controller and source-controller, the move of Helm back to upstream v4.2.0, support for GCP sovereign cloud artifact registries, and dependency updates. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eℹ️ Please follow the \u003ca href=\"https://github.com/fluxcd/flux2/discussions/5572\"\u003eUpgrade Procedure for Flux v2.7+\u003c/a\u003e for a smooth upgrade from Flux v2.6 to the latest version.\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a configurable HTTP timeout for artifact fetching, preventing fetches that could block indefinitely and stall reconciliations (helm-controller)\u003c/li\u003e\n\u003cli\u003eFix unbounded memory growth caused by a Kubernetes client transport retry wrapper accumulating on every reconcile (helm-controller)\u003c/li\u003e\n\u003cli\u003eStop force-applying non-CRD objects placed under a chart's \u003ccode\u003ecrds/\u003c/code\u003e directory (helm-controller)\u003c/li\u003e\n\u003cli\u003eFix the Helm test action failing to find releases with names longer than 53 characters (helm-controller)\u003c/li\u003e\n\u003cli\u003eImprove path handling in the source reconcilers (source-controller)\u003c/li\u003e\n\u003cli\u003eSupport Helm semver build-metadata encoding in OCIRepository tags (source-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate go-git to v5.19.1 which fixes \u003ca href=\"https://github.com/advisories/GHSA-crhj-59gh-8x96\"\u003eCVE-2026-45571\u003c/a\u003e and \u003ca href=\"https://github.com/advisories/GHSA-m7cr-m3pv-hgrp\"\u003eCVE-2026-45570\u003c/a\u003e 
(source-controller, image-automation-controller)\u003c/li\u003e\n\u003cli\u003eMove Helm back to upstream v4.2.0 (source-controller, helm-controller)\u003c/li\u003e\n\u003cli\u003eAdd support for GCP sovereign cloud artifact registries (source-controller, image-reflector-controller)\u003c/li\u003e\n\u003cli\u003eUpgrade Kubernetes to 1.36.1 (source-controller, helm-controller)\u003c/li\u003e\n\u003cli\u003eUpdate fluxcd/pkg dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eComponents changelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehelm-controller \u003ca href=\"https://github.com/fluxcd/helm-controller/blob/v1.5.5/CHANGELOG.md\"\u003ev1.5.5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimage-automation-controller \u003ca href=\"https://github.com/fluxcd/image-automation-controller/blob/v1.1.4/CHANGELOG.md\"\u003ev1.1.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimage-reflector-controller \u003ca href=\"https://github.com/fluxcd/image-reflector-controller/blob/v1.1.2/CHANGELOG.md\"\u003ev1.1.2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esource-controller \u003ca href=\"https://github.com/fluxcd/source-controller/blob/v1.8.5/CHANGELOG.md\"\u003ev1.8.5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate toolkit components by \u003ca href=\"https://github.com/fluxcdbot\"\u003e\u003ccode\u003e@​fluxcdbot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fluxcd/flux2/pull/5904\"\u003efluxcd/flux2#5904\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8\"\u003ehttps://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.7\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eFlux v2.8.7 is a patch release that includes a bug fix in kustomize-controller, a CVE fix in 
source-controller and image-automation-controller via go-git v5.19.0, and dependency updates. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eℹ️ Please follow the \u003ca href=\"https://github.com/fluxcd/flux2/discussions/5572\"\u003eUpgrade Procedure for Flux v2.7+\u003c/a\u003e for a smooth upgrade from Flux v2.6 to the latest version.\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix management of objects annotated with \u003ccode\u003ekustomize.toolkit.fluxcd.io/ssa: IfNotPresent\u003c/code\u003e where non-namespaced resources were being deleted and recreated on each reconciliation (kustomize-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate go-git to v5.19.0 which fixes \u003ca href=\"https://github.com/advisories/GHSA-389r-gv7p-r3rp\"\u003eCVE-2026-45022\u003c/a\u003e (source-controller, image-automation-controller)\u003c/li\u003e\n\u003cli\u003eUpdate fluxcd/pkg dependencies (source-controller, kustomize-controller, image-automation-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eComponents changelog\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/1fd61a06264d71cf445ed55c4f14d401d26a1c64\"\u003e\u003ccode\u003e1fd61a0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5904\"\u003e#5904\u003c/a\u003e from fluxcd/update-components-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/477f048ec0c3c47ce402c5be45cb67b9b2b84386\"\u003e\u003ccode\u003e477f048\u003c/code\u003e\u003c/a\u003e Update toolkit components\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/0acfaa26c6219cb08e3add4432b981436b2a4f49\"\u003e\u003ccode\u003e0acfaa2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5899\"\u003e#5899\u003c/a\u003e from fluxcd/update-pkg-deps/release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/264957f40bef9d139323341e7466548ebba17c27\"\u003e\u003ccode\u003e264957f\u003c/code\u003e\u003c/a\u003e Update fluxcd/pkg dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/54e4ba378e155ada619caafdc599e5c4d759ce5c\"\u003e\u003ccode\u003e54e4ba3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5891\"\u003e#5891\u003c/a\u003e from fluxcd/update-components-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/d2fbb16656555a93adfb5aa0ec7ca145919acacb\"\u003e\u003ccode\u003ed2fbb16\u003c/code\u003e\u003c/a\u003e Update toolkit components\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/66533d7c9027618340b96e7a925cbef4f43f4dfc\"\u003e\u003ccode\u003e66533d7\u003c/code\u003e\u003c/a\u003e Merge pull 
request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5882\"\u003e#5882\u003c/a\u003e from fluxcd/backport-5881-to-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/7ac36233f338adf90eb7546533f87c23a32d50fc\"\u003e\u003ccode\u003e7ac3623\u003c/code\u003e\u003c/a\u003e include source-watcher in install manifests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fluxcd/flux2/compare/04acaec6161ac4fb1a82ffafa88901c03271d34f...1fd61a06264d71cf445ed55c4f14d401d26a1c64\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/semver-utils` from 4.3.2 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/semver-utils/releases\"\u003estep-security/semver-utils's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/220\"\u003estep-security/semver-utils#220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/221\"\u003estep-security/semver-utils#221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade packages to fix vulnerabilities by \u003ca href=\"https://github.com/Raj-StepSecurity\"\u003e\u003ccode\u003e@​Raj-StepSecurity\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/semver-utils/pull/222\"\u003estep-security/semver-utils#222\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/223\"\u003estep-security/semver-utils#223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/224\"\u003estep-security/semver-utils#224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Remove guarddog.yml by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/225\"\u003estep-security/semver-utils#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/227\"\u003estep-security/semver-utils#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add claude review workflow by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/228\"\u003estep-security/semver-utils#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: added banner and update subscription check to make maintained actions free for public repos by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/semver-utils/pull/226\"\u003estep-security/semver-utils#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/175\"\u003estep-security/semver-utils#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/202\"\u003estep-security/semver-utils#202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.3 to 4.35.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/218\"\u003estep-security/semver-utils#218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/dependency-review-action from 4.1.3 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/209\"\u003estep-security/semver-utils#209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Update auto cherry-pick workflow by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/230\"\u003estep-security/semver-utils#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Cherry-picked changes from upstream by \u003ca 
href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/229\"\u003estep-security/semver-utils#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/225\"\u003estep-security/semver-utils#225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/semver-utils/compare/v4...v5.0.0\"\u003ehttps://github.com/step-security/semver-utils/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/5bb182a08240146b23b61cc002cb74004377da4b\"\u003e\u003ccode\u003e5bb182a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/229\"\u003e#229\u003c/a\u003e from step-security/auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/57d3f51f108d62d579217a48d6ea0098e9a183ee\"\u003e\u003ccode\u003e57d3f51\u003c/code\u003e\u003c/a\u003e chore: Bump version in package.json and lock file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/6ac856db625c45a3598e902d3d41ff82e6c6225b\"\u003e\u003ccode\u003e6ac856d\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/semver-utils/commit/b36e30950176cfdc82294700f613aa2bcffe72f0\"\u003e\u003ccode\u003eb36e309\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/230\"\u003e#230\u003c/a\u003e from step-security/fix-auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/385280376f65b1dfeedc496f98d305d0b42ab1a0\"\u003e\u003ccode\u003e3852803\u003c/code\u003e\u003c/a\u003e fix: Update auto cherry-pick workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/dbfcfd87d115b9a32284e1b53930aae83c1820e5\"\u003e\u003ccode\u003edbfcfd8\u003c/code\u003e\u003c/a\u003e chore: Cherry-pick changes from upstream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/ecb04aec3bade353524b29c14ba3579d7c45779c\"\u003e\u003ccode\u003eecb04ae\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/ba69ca4900a31d80c7f4d9556f25e85777cbcaa7\"\u003e\u003ccode\u003eba69ca4\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/6f8e4f9839152d933a82fe6bdf6802d389b120d7\"\u003e\u003ccode\u003e6f8e4f9\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/semver-utils/commit/9e44e9ebb00a2d5a1d8ef8886eb5c2a809949843\"\u003e\u003ccode\u003e9e44e9e\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/semver-utils/compare/4ae9c1fd6d1c5f8f152fe7e2efe8069a952c2ace...5bb182a08240146b23b61cc002cb74004377da4b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/close-milestone` from 2.2.1 to 2.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/close-milestone/releases\"\u003estep-security/close-milestone's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/109\"\u003estep-security/close-milestone#109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/125\"\u003estep-security/close-milestone#125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/126\"\u003estep-security/close-milestone#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/127\"\u003estep-security/close-milestone#127\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/128\"\u003estep-security/close-milestone#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/129\"\u003estep-security/close-milestone#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/130\"\u003estep-security/close-milestone#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/131\"\u003estep-security/close-milestone#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/132\"\u003estep-security/close-milestone#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/133\"\u003estep-security/close-milestone#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/134\"\u003estep-security/close-milestone#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade packages to fix vulnerabilities by \u003ca href=\"https://github.com/Raj-StepSecurity\"\u003e\u003ccode\u003e@​Raj-StepSecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/135\"\u003estep-security/close-milestone#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/136\"\u003estep-security/close-milestone#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/137\"\u003estep-security/close-milestone#137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/138\"\u003estep-security/close-milestone#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Remove guarddog.yml by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/139\"\u003estep-security/close-milestone#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/141\"\u003estep-security/close-milestone#141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/142\"\u003estep-security/close-milestone#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: create claude_review.yml by \u003ca href=\"https://github.com/amanstep\"\u003e\u003ccode\u003e@​amanstep\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/143\"\u003estep-security/close-milestone#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: added banner and update subscription check to make maintained actions free for public repos by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/140\"\u003estep-security/close-milestone#140\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/139\"\u003estep-security/close-milestone#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amanstep\"\u003e\u003ccode\u003e@​amanstep\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/143\"\u003estep-security/close-milestone#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/close-milestone/compare/v2...v2.2.2\"\u003ehttps://github.com/step-security/close-milestone/compare/v2...v2.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/d6e3b63e31f1f869bd3d0403f8cdc1a68f59ab4a\"\u003e\u003ccode\u003ed6e3b63\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/140\"\u003e#140\u003c/a\u003e from step-security/feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/863f964626093731ac2c636fa7dc5ff3d2644274\"\u003e\u003ccode\u003e863f964\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/e1b596a61a6ecc976f5da769dd6d7fa404a0d678\"\u003e\u003ccode\u003ee1b596a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/143\"\u003e#143\u003c/a\u003e from 
step-security/amanstep-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/46baafa0c6c0df51b9d34812be4ae404ccbd2e46\"\u003e\u003ccode\u003e46baafa\u003c/code\u003e\u003c/a\u003e format: fixed formatting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/6bc6bcafec2bf2bebc8ab86081cdd0b8f2630caf\"\u003e\u003ccode\u003e6bc6bca\u003c/code\u003e\u003c/a\u003e ci: create claude_review.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/e988771562706195b18b9441460b11d785b5904d\"\u003e\u003ccode\u003ee988771\u003c/code\u003e\u003c/a\u003e chore: dist updated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/07bcad02d188d4bdc830f6403f27aa3a63d9230e\"\u003e\u003ccode\u003e07bcad0\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/bde7f30187b35ad62a306764515a07135f09a465\"\u003e\u003ccode\u003ebde7f30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/142\"\u003e#142\u003c/a\u003e from step-security/npm-audit-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/c147b794f062d8a0fa8066b154701c8dda26b2ca\"\u003e\u003ccode\u003ec147b79\u003c/code\u003e\u003c/a\u003e fix: apply audit fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/5e1530b9f64d08ab27a6804b967af5a24b50792d\"\u003e\u003ccode\u003e5e1530b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/141\"\u003e#141\u003c/a\u003e from step-security/npm-audit-fix\u003c/li\u003e\n\u003cli\u003eAdditional commits 
viewable in \u003ca href=\"https://github.com/step-security/close-milestone/compare/b097272a7aaa0f5c40dc6bc671d45d35c5e85b51...d6e3b63e31f1f869bd3d0403f8cdc1a68f59ab4a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigstore/cosign-installer` from 4.1.1 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign-installer/releases\"\u003esigstore/cosign-installer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.6 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/232\"\u003esigstore/cosign-installer#232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003e\u003ccode\u003e6f9f177\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.6 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/b5e753ae2d39589c7b38850b463739151fc67f07\"\u003e\u003ccode\u003eb5e753a\u003c/code\u003e\u003c/a\u003e Bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/230\"\u003e#230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/115e4ce455e573aa6e9ba51e8d040ddd5c1378af\"\u003e\u003ccode\u003e115e4ce\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.3.0 to 6.4.0 (\u003ca 
href=\"https://redirect.github.com/sigstore/cosign-installer/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 4.1.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca 
href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 
3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-qemu-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-qemu-action/releases\"\u003edocker/setup-qemu-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ereset\u003c/code\u003e input to uninstall current emulators by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/21\"\u003edocker/setup-qemu-action#21\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.91.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/250\"\u003edocker/setup-qemu-action#250\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/247\"\u003edocker/setup-qemu-action#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.15 in \u003ca 
href=\"https://redirect.github.com/docker/setup-qemu-action/pull/265\"\u003edocker/setup-qemu-action#265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/286\"\u003edocker/setup-qemu-action#286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/255\"\u003edocker/setup-qemu-action#255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/257\"\u003edocker/setup-qemu-action#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.15 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/254\"\u003edocker/setup-qemu-action#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/262\"\u003edocker/setup-qemu-action#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/273\"\u003edocker/setup-qemu-action#273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/285\"\u003edocker/setup-qemu-action#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/287\"\u003edocker/setup-qemu-action#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tmp from 0.2.5 to 0.2.6 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/291\"\u003edocker/setup-qemu-action#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.26.0 in \u003ca 
href=\"https://redirect.github.com/docker/setup-qemu-action/pull/251\"\u003edocker/setup-qemu-action#251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/271\"\u003edocker/setup-qemu-action#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/06116385d9baf250c9f4dcb4858b16962ea869c3\"\u003e\u003ccode\u003e0611638\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/21\"\u003e#21\u003c/a\u003e from crazy-max/uninst\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/ce59c818a5ff16552ddf7407ee7cb00bea682925\"\u003e\u003ccode\u003ece59c81\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/2ddad4401e17fa807e8a3c4bd289ccdd993f0868\"\u003e\u003ccode\u003e2ddad44\u003c/code\u003e\u003c/a\u003e uninstall current emulators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/8c37cd6f3456e1f3f3026250eac496709e9e7e10\"\u003e\u003ccode\u003e8c37cd6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/250\"\u003e#250\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/setup-qemu-action/commit/d1a0ff34af591b8e290e46f3fa114ef5bb81cd1c\"\u003e\u003ccode\u003ed1a0ff3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/0a8f3dc12541cc2c3b19c182a1a2c90a2c8b8d93\"\u003e\u003ccode\u003e0a8f3dc\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.91.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/9430f61a7691bd1bfdc4d6ba70e558659d36fa7a\"\u003e\u003ccode\u003e9430f61\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/291\"\u003e#291\u003c/a\u003e from docker/dependabot/npm_and_yarn/tmp-0.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/978bd7796cb6698377e7af6726b726e5ced642d0\"\u003e\u003ccode\u003e978bd77\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/3479febc62cc0fbcb98c7c7fc0dac778c0d79d6a\"\u003e\u003ccode\u003e3479feb\u003c/code\u003e\u003c/a\u003e build(deps): bump tmp from 0.2.5 to 0.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/b113c264143c28c2974bed61af25be32d32f4782\"\u003e\u003ccode\u003eb113c26\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/255\"\u003e#255\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/ce360397dd3f832beb865e1373c09c0e9f86d70a...06116385d9baf250c9f4dcb4858b16962ea869c3\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/489\"\u003edocker/setup-buildx-action#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/547\"\u003edocker/setup-buildx-action#547\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/508\"\u003edocker/setup-buildx-action#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/540\"\u003edocker/setup-buildx-action#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/496\"\u003edocker/setup-buildx-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/499\"\u003edocker/setup-buildx-action#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 13.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/495\"\u003edocker/setup-buildx-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca 
href=\"https://redirect.github.com/docker/setup-buildx-action/pull/504\"\u003edocker/setup-buildx-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/523\"\u003edocker/setup-buildx-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/503\"\u003edocker/setup-buildx-action#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/537\"\u003edocker/setup-buildx-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/545\"\u003edocker/setup-buildx-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/492\"\u003edocker/setup-buildx-action#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/520\"\u003edocker/setup-buildx-action#520\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003e\u003ccode\u003ed7f5e7f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/docker/setup-buildx-action/issues/489\"\u003e#489\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/92bc5c9777806d0a73d9d668ba2114fa1177f164\"\u003e\u003ccode\u003e92bc5c9\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/da11e35abee0f20cb4f1c1b7c461d37c29be52f5\"\u003e\u003ccode\u003eda11e35\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/f021e162ef95b6fba51af1c6674f537f25bce851\"\u003e\u003ccode\u003ef021e16\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/492\"\u003e#492\u003c/a\u003e from docker/dependabot/npm_and_yarn/undici-6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b5af94fab700aee0c64d6077e0e34ae987815b67\"\u003e\u003ccode\u003eb5af94f\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/16ad9776a801d0c47f0a05f007b88a3789aa8ab6\"\u003e\u003ccode\u003e16ad977\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 6.23.0 to 6.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7a12d7df895b33bd02a9b4bf62a12f2b9a24458\"\u003e\u003ccode\u003ed7a12d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/495\"\u003e#495\u003c/a\u003e from docker/dependabot/npm_and_yarn/glob-10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/setup-buildx-action/commit/28ff27de4eed7518d361591f2cd1dfb69c34a7cb\"\u003e\u003ccode\u003e28ff27d\u003c/code\u003e\u003c/a\u003e build(deps): bump glob from 10.3.12 to 13.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/daf436b50e13d9053b9730cbc16516891878b019\"\u003e\u003ccode\u003edaf436b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/496\"\u003e#496\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/9725348367859764880f2f2e688a6b0c353e3f35\"\u003e\u003ccode\u003e9725348\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 7.1.0 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca 
href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003e\u003ccode\u003ef9f3042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1517\"\u003e#1517\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-t...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/build-push-action/commit/812d5fd9212a4c5d419e5be02fd8e9bb435c5d76\"\u003e\u003ccode\u003e812d5fd\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/b6f66930769f2917a3275dc4d81f15583ac7e105\"\u003e\u003ccode\u003eb6f6693\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/c1c626eced73a500ec65c4256c620b3b9e8278c0\"\u003e\u003ccode\u003ec1c626e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1525\"\u003e#1525\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/51bb284cd4d05650aa6f5e4e22cb96d2cbfe62b7\"\u003e\u003ccode\u003e51bb284\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/5f7884def8f133e8ef40c53d003d1471c05621c6\"\u003e\u003ccode\u003e5f7884d\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/e01deff7d956c756a20f3e19ff7ddc0e4a50fc1d\"\u003e\u003ccode\u003ee01deff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1521\"\u003e#1521\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/3804d497934b39bd591ee9d1c6c9e593b4488a67\"\u003e\u003ccode\u003e3804d49\u003c/code\u003e\u003c/a\u003e chore: update generated 
content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/71e8947aac5dad23ce83a43e9c98f750e02de2f3\"\u003e\u003ccode\u003e71e8947\u003c/code\u003e\u003c/a\u003e chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/4925ad24cdbc42ff492d76cf9fe7a30b79976b60\"\u003e\u003ccode\u003e4925ad2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1526\"\u003e#1526\u003c/a\u003e from docker/dependabot/npm_and_yarn/postcss-8.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/build-push-action/compare/bcafcacb16a39f128d818304e6c9c0c18556b85f...f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `securego/gosec` from 2.25.0 to 2.27.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/securego/gosec/releases\"\u003esecurego/gosec's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.27.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889 Downgrade google lib to avoid min Go version bump (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1687\"\u003e#1687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.27.0\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e0a5c6504c46569257663726ac54c7cfdad42e846 Downgrade the jsonschema dep to v0.13.0 due to incompatibility with anthropick-sdk-go (\u003ca 
href=\"https://redirect.github.com/securego/gosec/issues/1686\"\u003e#1686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb48e668764ca9fd826a7b84c9e9194af3227fade Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1685\"\u003e#1685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebd17b2589eb634e511b352f14fc30cb40863eefe Downgrade the github.com/invopop/jsonschema v0.13.0 to solve incopatibility with anthropic-sdk (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1683\"\u003e#1683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec6f8c3d9a75d897612c7beb55007ac5f29b2e3a2 Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1682\"\u003e#1682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5676cbccda635b33fab15bb85e32b2e741c9372f Update vulnerabilities alerts for indirect dependencies\u003c/li\u003e\n\u003cli\u003ece167d4a37bc5fe3f49bb9be3209f9759b69ff6f Pin dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1681\"\u003e#1681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e74b726dfcebf218a1984a51b44fe962aecef5921 Skip pining for my repos\u003c/li\u003e\n\u003cli\u003ea68f8825bfa51b46cc517a5cd8baf4848e03a8d1 Update renovate configuration\u003c/li\u003e\n\u003cli\u003e2f8791bad7bf8f6a11f0b29e41aec54ddb9fcb0b Fix typo\u003c/li\u003e\n\u003cli\u003ead3778a7be907bf4e5cf5ed5c63333a377f3fb3b Update branch config in renovate config\u003c/li\u003e\n\u003cli\u003eb1583fe2f3ffb41074cb11996e58ca554c6c04e7 Migrate config renovate.json (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1678\"\u003e#1678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e139e33d474374c8e26a0e480f077526e131f43bb Update renovate to refresh the branch creation\u003c/li\u003e\n\u003cli\u003ef3c03ebb7f077f9b9ddfc64f710e0a2d2e92ded4 Update the renovate branch prefix\u003c/li\u003e\n\u003cli\u003e85814f2e3964a6d38aeb6e6002ac9268c16fcab5 Update renovate config to pin the actions dependencies by 
digests (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1676\"\u003e#1676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e55f051973281b15900b2b8b30aaf467a7b9127ea Migrate the html remport to react v19. (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1675\"\u003e#1675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e6ad4476d269895a4a9b77883b3e3503f7e5e4103 Manually update version to fix renovate (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1674\"\u003e#1674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e8f88312a5f80dbf04d2248d75c372d165e54e589 feat: integrate Atlas Cloud provider (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1672\"\u003e#1672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e6351b0c6fcc7d75acb230a9be7f9047aada322ae Refactor error position parsing to support path with colon. (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1673\"\u003e#1673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ede65614d10a6b84029e3e1215567b8ce7e490f23 Add two options to require rule ID and justificaiton for inline annotations (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1671\"\u003e#1671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ee354c572d957eb8bf63481cc9ba2704b58a6ae35 Fix false positive in G118 when cancel is stored in a slice/map (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1670\"\u003e#1670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4161f0b4333859990584c9fb3fd377a892eaf477 chore(go): update supported Go versions to 1.25.10 and 1.26.3 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1669\"\u003e#1669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb4f29347566880540afec8205b633d2859377cec Harden the github workflows and action (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1665\"\u003e#1665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb7aca268861108d4446959fa92d2fe808eb7aa6f Fix justification delimiter in annotation 
format doc (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1661\"\u003e#1661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e945bce72d26a794e25a122d87527d063bf887903 Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1664\"\u003e#1664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5f4eec95fa28ce5dc6cf555de8c242cb57545f01 Update action to use gosec version v2.26.1 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.26.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4a3bd8af174872c778439083ded7adbf3747e770 Update cosign to v3.0.6 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889\"\u003e\u003ccode\u003e9e6a984\u003c/code\u003e\u003c/a\u003e Downgrade google lib to avoid min Go version bump (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1687\"\u003e#1687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/0a5c6504c46569257663726ac54c7cfdad42e846\"\u003e\u003ccode\u003e0a5c650\u003c/code\u003e\u003c/a\u003e Downgrade the jsonschema dep to v0.13.0 due to incompatibility with anthropic...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/b48e668764ca9fd826a7b84c9e9194af3227fade\"\u003e\u003ccode\u003eb48e668\u003c/code\u003e\u003c/a\u003e Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1685\"\u003e#1685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/securego/gosec/commit/bd17b2589eb634e511b352f14fc30cb40863eefe\"\u003e\u003ccode\u003ebd17b25\u003c/code\u003e\u003c/a\u003e Downgrade the github.com/invopop/jsonschema v0.13.0 to solve incopatibility w...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/c6f8c3d9a75d897612c7beb55007ac5f29b2e3a2\"\u003e\u003ccode\u003ec6f8c3d\u003c/code\u003e\u003c/a\u003e Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1682\"\u003e#1682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/5676cbccda635b33fab15bb85e32b2e741c9372f\"\u003e\u003ccode\u003e5676cbc\u003c/code\u003e\u003c/a\u003e Update vulnerabilities alerts for indirect dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/ce167d4a37bc5fe3f49bb9be3209f9759b69ff6f\"\u003e\u003ccode\u003ece167d4\u003c/code\u003e\u003c/a\u003e Pin dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1681\"\u003e#1681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/74b726dfcebf218a1984a51b44fe962aecef5921\"\u003e\u003ccode\u003e74b726d\u003c/code\u003e\u003c/a\u003e Skip pining for my repos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/a68f8825bfa51b46cc517a5cd8baf4848e03a8d1\"\u003e\u003ccode\u003ea68f882\u003c/code\u003e\u003c/a\u003e Update renovate configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/2f8791bad7bf8f6a11f0b29e41aec54ddb9fcb0b\"\u003e\u003ccode\u003e2f8791b\u003c/code\u003e\u003c/a\u003e Fix typo\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/securego/gosec/compare/223e19b8856e00f02cc67804499a83f77e208f3c...9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e m...\n\n_Description has been truncated_","html_url":"https://github.com/oyakhilo20/hiero-mirror-node--040/pull/31","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/oyakhilo20%2Fhiero-mirror-node--040/issues/31","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/31/packages"}},{"old_version":"2.13.0","new_version":"2.19.4","update_type":"minor","path":null,"pr_created_at":"2026-06-04T09:05:10.000Z","version_change":"2.13.0 → 2.19.4","issue":{"uuid":"4587362872","node_id":"PR_kwDOL6cqfs7im1Ui","number":330,"state":"closed","title":"chore(deps): bump the github-actions group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-05T23:37:01.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-04T09:05:10.000Z","updated_at":"2026-06-05T23:37:03.000Z","time_to_close":138711,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): 
bump","group_name":"github-actions","update_count":18,"packages":[{"name":"step-security/harden-runner","old_version":"2.13.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"4.2.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"crate-ci/typos","old_version":"1.34.0","new_version":"1.47.2","repository_url":"https://github.com/crate-ci/typos"},{"name":"gitleaks/gitleaks-action","old_version":"2.3.9","new_version":"3.0.0","repository_url":"https://github.com/gitleaks/gitleaks-action"},{"name":"github/codeql-action","old_version":"3","new_version":"4","repository_url":"https://github.com/github/codeql-action"},{"name":"aquasecurity/trivy-action","old_version":"0.32.0","new_version":"0.36.0","repository_url":"https://github.com/aquasecurity/trivy-action"},{"name":"codecov/test-results-action","old_version":"1.1.1","new_version":"1.2.1","repository_url":"https://github.com/codecov/test-results-action"},{"name":"codecov/codecov-action","old_version":"5.4.3","new_version":"6.0.1","repository_url":"https://github.com/codecov/codecov-action"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"zaproxy/action-full-scan","old_version":"0.12.0","new_version":"0.13.0","repository_url":"https://github.com/zaproxy/action-full-scan"},{"name":"actions/github-script","old_version":"7","new_version":"9","repository_url":"https://github.com/actions/github-script"},{"name":"ossf/scorecard-action","old_version":"2.4.2","new_version":"2.4.3","repository_url":"https://github.com/ossf/scorecard-action"},{"name":"actions/download-artifact","old_version":"4.3.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"softprops/action-gh-release","old_version":"2.3.2","new_version":"3.0.0","repository_url":"https://github.com/softprops/
action-gh-release"},{"name":"actions/dependency-review-action","old_version":"4.7.1","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"dependabot/fetch-metadata","old_version":"2.4.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"madhead/semver-utils","old_version":"4.3.0","new_version":"5.0.0","repository_url":"https://github.com/madhead/semver-utils"},{"name":"actions/setup-python","old_version":"5.6.0","new_version":"6.2.0","repository_url":"https://github.com/actions/setup-python"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 18 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.0` | `2.19.4` |\n| [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.3` |\n| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.34.0` | `1.47.2` |\n| [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) | `2.3.9` | `3.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` |\n| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.32.0` | `0.36.0` |\n| [codecov/test-results-action](https://github.com/codecov/test-results-action) | `1.1.1` | `1.2.1` |\n| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.4.3` | `6.0.1` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [zaproxy/action-full-scan](https://github.com/zaproxy/action-full-scan) | `0.12.0` | `0.13.0` |\n| [actions/github-script](https://github.com/actions/github-script) | `7` | `9` |\n| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |\n| 
[softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.3.2` | `3.0.0` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.7.1` | `5.0.0` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.4.0` | `3.1.0` |\n| [madhead/semver-utils](https://github.com/madhead/semver-utils) | `4.3.0` | `5.0.0` |\n| [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.2.0` |\n\n\nUpdates `step-security/harden-runner` from 2.13.0 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. 
This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now 
blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/ec9f2d5744a09debf3a187a3f4f675c53b671911...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 4.2.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull 
Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca 
href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 
internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca 
href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `crate-ci/typos` from 1.34.0 to 1.47.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/crate-ci/typos/releases\"\u003ecrate-ci/typos's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.47.2\u003c/h2\u003e\n\u003ch2\u003e[1.47.2] - 2026-06-04\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct \u003ccode\u003einferrable\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCorrect unused \u003ccode\u003einferible\u003c/code\u003e variant\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.47.1\u003c/h2\u003e\n\u003ch2\u003e[1.47.1] - 2026-06-03\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct \u003ccode\u003erequestors\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.47.0\u003c/h2\u003e\n\u003ch2\u003e[1.47.0] - 2026-05-29\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated the dictionary with the \u003ca href=\"https://redirect.github.com/crate-ci/typos/issues/1545\"\u003eMay 2026\u003c/a\u003e changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.46.3\u003c/h2\u003e\n\u003ch2\u003e[1.46.3] - 
2026-05-23\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003esequentials\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003esubdolder\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.46.2\u003c/h2\u003e\n\u003ch2\u003e[1.46.2] - 2026-05-16\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003ecriterias\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003ereplaceables\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.46.1\u003c/h2\u003e\n\u003ch2\u003e[1.46.1] - 2026-05-08\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003econfidentials\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.46.0\u003c/h2\u003e\n\u003ch2\u003e[1.46.0] - 2026-04-30\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/crate-ci/typos/blob/master/CHANGELOG.md\"\u003ecrate-ci/typos's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChange Log\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"https://semver.org/\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e[Unreleased] - ReleaseDate\u003c/h2\u003e\n\u003ch2\u003e[1.47.2] - 2026-06-04\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct \u003ccode\u003einferrable\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCorrect unused \u003ccode\u003einferible\u003c/code\u003e variant\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.47.1] - 2026-06-03\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct \u003ccode\u003erequestors\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.47.0] - 2026-05-29\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated the dictionary with the \u003ca href=\"https://redirect.github.com/crate-ci/typos/issues/1545\"\u003eMay 2026\u003c/a\u003e changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.46.3] - 2026-05-23\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003esequentials\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003esubdolder\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.46.2] - 
2026-05-16\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003ecriterias\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003ereplaceables\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.46.1] - 2026-05-08\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't correct to \u003ccode\u003econfidentials\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.46.0] - 2026-04-30\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/37bb98842b0d8c4ffebdb75301a13db0267cef89\"\u003e\u003ccode\u003e37bb988\u003c/code\u003e\u003c/a\u003e chore: Release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/cf0d28060ca881bc27ff40b3bdbf29e6b965aec9\"\u003e\u003ccode\u003ecf0d280\u003c/code\u003e\u003c/a\u003e docs: Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/365762c5b7f8c0893e9c2cc2f28ad346d3a5d540\"\u003e\u003ccode\u003e365762c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/crate-ci/typos/issues/1569\"\u003e#1569\u003c/a\u003e from epage/infer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/ee20d2ae6a3289fd9199670a32eb0ef116f821c6\"\u003e\u003ccode\u003eee20d2a\u003c/code\u003e\u003c/a\u003e fix(dict): Allow inferrable, disallow inferible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/44e2070e6017f834bf069503acb35ca0ca0b75f2\"\u003e\u003ccode\u003e44e2070\u003c/code\u003e\u003c/a\u003e chore: Release\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/crate-ci/typos/commit/e10d108c2ad5ba9c5271cc8187b3542620754107\"\u003e\u003ccode\u003ee10d108\u003c/code\u003e\u003c/a\u003e docs: Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/06f8734ce409b4da0b249a0fb43d261e2deef073\"\u003e\u003ccode\u003e06f8734\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/crate-ci/typos/issues/1566\"\u003e#1566\u003c/a\u003e from epage/fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/a12d104c3773d39452966c248b100cd165afc6ac\"\u003e\u003ccode\u003ea12d104\u003c/code\u003e\u003c/a\u003e fix(dict): Don't correct requestors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/823a0a4672ea7c524f9a1fd99c5c5ae5b1952bf2\"\u003e\u003ccode\u003e823a0a4\u003c/code\u003e\u003c/a\u003e chore(deps): Update compatible (\u003ca href=\"https://redirect.github.com/crate-ci/typos/issues/1564\"\u003e#1564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/crate-ci/typos/commit/f8a58b6b53f2279f71eb605f03a4ae4d10608f45\"\u003e\u003ccode\u003ef8a58b6\u003c/code\u003e\u003c/a\u003e chore: Release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crate-ci/typos/compare/392b78fe18a52790c53f42456e46124f77346842...37bb98842b0d8c4ffebdb75301a13db0267cef89\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gitleaks/gitleaks-action` from 2.3.9 to 3.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gitleaks/gitleaks-action/releases\"\u003egitleaks/gitleaks-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's 
changed\u003c/h2\u003e\n\u003cp\u003egitleaks-action v3 migrates the runtime from Node 20 to Node 24. \u003cstrong\u003eNo changes to inputs, outputs, or behavior.\u003c/strong\u003e Update your workflow from \u003ccode\u003egitleaks/gitleaks-action@v2\u003c/code\u003e to \u003ccode\u003egitleaks/gitleaks-action@v3\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eMigration\u003c/h3\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# Before\n- uses: gitleaks/gitleaks-action@v2\n\n# After\n- uses: gitleaks/gitleaks-action@v3\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eWhy\u003c/h3\u003e\n\u003cp\u003eGitHub is deprecating the Node 20 runtime for Actions:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eJune 2, 2026:\u003c/strong\u003e GitHub flips the runner default to Node 24. Workflows using \u003ccode\u003egitleaks-action@v2\u003c/code\u003e (Node 20) will still run, but only if \u003ccode\u003eACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true\u003c/code\u003e is set as an environment variable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSeptember 16, 2026:\u003c/strong\u003e Node 20 is removed from GitHub-hosted runners entirely.
\u003ccode\u003egitleaks-action@v2\u003c/code\u003e stops working regardless of any opt-out flag.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eaction.yml\u003c/code\u003e: runtime \u003ccode\u003enode20\u003c/code\u003e → \u003ccode\u003enode24\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@actions/core\u003c/code\u003e: 1.10.0 → 1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edist/\u003c/code\u003e rebuilt\u003c/li\u003e\n\u003cli\u003eExample workflows updated to \u003ccode\u003eactions/checkout@v6\u003c/code\u003e and \u003ccode\u003egitleaks-action@v3\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eREADME updated with v3 migration guide\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSelf-hosted runners\u003c/h3\u003e\n\u003cp\u003eIf you use self-hosted runners, ensure your runner version is \u003ccode\u003e\u0026gt;= v2.327.1\u003c/code\u003e (required for Node 24 support).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gitleaks/gitleaks-action/commit/e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e\"\u003e\u003ccode\u003ee0c47f4\u003c/code\u003e\u003c/a\u003e chore: migrate to Node 24 runtime (v3)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gitleaks/gitleaks-action/commit/bf2dc8e55639c1e091e9b45970152e4313705814\"\u003e\u003ccode\u003ebf2dc8e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/gitleaks/gitleaks-action/issues/191\"\u003e#191\u003c/a\u003e from Olexandr88/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gitleaks/gitleaks-action/commit/b71323b056f4cc8c7f4cc7decfcc26b5e80b8e15\"\u003e\u003ccode\u003eb71323b\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/gitleaks/gitleaks-action/commit/9c66aa96d2700e2b6aa0f9f7021ae6e5cc7a4375\"\u003e\u003ccode\u003e9c66aa9\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gitleaks/gitleaks-action/commit/186c3fea8923e06a92dc3806067ad6afaf53e754\"\u003e\u003ccode\u003e186c3fe\u003c/code\u003e\u003c/a\u003e Create FUNDING.yml\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/gitleaks/gitleaks-action/compare/ff98106e4c7b2bc287b24eaf42907196329070c7...e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 3 to 4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.36.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev3.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.36.2 - 04 Jun 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCache CodeQL CLI version information across Actions steps. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3943\"\u003e#3943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3937\"\u003e#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6\"\u003e2.25.6\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3948\"\u003e#3948\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0ad7c1f95ec5c574792a6371d0ac313f2c260188\"\u003e\u003ccode\u003e0ad7c1f\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/25c25b5e09a2b7b21407dae4d901fa0e4778858a\"\u003e\u003ccode\u003e25c25b5\u003c/code\u003e\u003c/a\u003e Update changelog and version after v4.36.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003e\u003ccode\u003e87557b9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3940\"\u003e#3940\u003c/a\u003e from github/update-v4.36.1-2a1689ed4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/94310119648b77e2153bf970fd244062806781de\"\u003e\u003ccode\u003e9431011\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2a1689ed43ccdf7eea07e03a75371ce6801d28e6\"\u003e\u003ccode\u003e2a1689e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3939\"\u003e#3939\u003c/a\u003e from github/henrymercer/skip-overlay-revert-when-exp...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d40e417f3c43e66dec164393f3b2b94722865c6f\"\u003e\u003ccode\u003ed40e417\u003c/code\u003e\u003c/a\u003e Only do initial wait when not running tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/524532393a46071bdfc81527a811ffa69e16723a\"\u003e\u003ccode\u003e5245323\u003c/code\u003e\u003c/a\u003e Disable missing diff-ranges fallback when overlay 
enabled manually\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/948a63aed1cfd5c69e66d4c5c9b60ad2b5b23d64\"\u003e\u003ccode\u003e948a63a\u003c/code\u003e\u003c/a\u003e Add FF to force JGit-based Git backend\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/github/codeql-action/compare/v3...v4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aquasecurity/trivy-action` from 0.32.0 to 0.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aquasecurity/trivy-action/releases\"\u003eaquasecurity/trivy-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.36.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(ci): update bump-trivy workflow by \u003ca href=\"https://github.com/DmitriyLewen\"\u003e\u003ccode\u003e@​DmitriyLewen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/546\"\u003eaquasecurity/trivy-action#546\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use action.yaml as single source of truth for Trivy version by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/552\"\u003eaquasecurity/trivy-action#552\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: replace peter-evans/create-pull-request with gh CLI by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/550\"\u003eaquasecurity/trivy-action#550\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: use pinned digests for trivy-db, trivy-java-db and 
trivy-checks by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/555\"\u003eaquasecurity/trivy-action#555\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add dependabot config by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/556\"\u003eaquasecurity/trivy-action#556\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add zizmor config by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/557\"\u003eaquasecurity/trivy-action#557\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the actions group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/558\"\u003eaquasecurity/trivy-action#558\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use portable shebang in entrypoint.sh by \u003ca href=\"https://github.com/Hayao0819\"\u003e\u003ccode\u003e@​Hayao0819\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/545\"\u003eaquasecurity/trivy-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by \u003ca href=\"https://github.com/patrik-csak\"\u003e\u003ccode\u003e@​patrik-csak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/547\"\u003eaquasecurity/trivy-action#547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade Trivy action version from 0.33.1 to 0.35.0 fixes \u003ca 
href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/549\"\u003e#549\u003c/a\u003e by \u003ca href=\"https://github.com/Aditya09-cse\"\u003e\u003ccode\u003e@​Aditya09-cse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/548\"\u003eaquasecurity/trivy-action#548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: use GitHub Actions as git commit author in bump-trivy workflow by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/561\"\u003eaquasecurity/trivy-action#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Update trivy to v0.70.0 by \u003ca href=\"https://github.com/Argon-DevOps-Mgt\"\u003e\u003ccode\u003e@​Argon-DevOps-Mgt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/559\"\u003eaquasecurity/trivy-action#559\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update action version to v0.36.0 in examples by \u003ca href=\"https://github.com/nikpivkin\"\u003e\u003ccode\u003e@​nikpivkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/563\"\u003eaquasecurity/trivy-action#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/558\"\u003eaquasecurity/trivy-action#558\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Hayao0819\"\u003e\u003ccode\u003e@​Hayao0819\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/545\"\u003eaquasecurity/trivy-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrik-csak\"\u003e\u003ccode\u003e@​patrik-csak\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/547\"\u003eaquasecurity/trivy-action#547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Aditya09-cse\"\u003e\u003ccode\u003e@​Aditya09-cse\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/548\"\u003eaquasecurity/trivy-action#548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Argon-DevOps-Mgt\"\u003e\u003ccode\u003e@​Argon-DevOps-Mgt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/559\"\u003eaquasecurity/trivy-action#559\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aquasecurity/trivy-action/compare/v0.35.0...v0.36.0\"\u003ehttps://github.com/aquasecurity/trivy-action/compare/v0.35.0...v0.36.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease: 0.35.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): Update trivy to v0.69.3 by \u003ca href=\"https://github.com/aqua-bot\"\u003e\u003ccode\u003e@​aqua-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/519\"\u003eaquasecurity/trivy-action#519\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/aquasecurity/trivy-action/compare/0.34.2...0.35.0\"\u003ehttps://github.com/aquasecurity/trivy-action/compare/0.34.2...0.35.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease: v0.35.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is a duplicate of \u003ca href=\"https://github.com/aquasecurity/trivy-action/releases/tag/0.35.0\"\u003e0.35.0\u003c/a\u003e which was not compromised.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eAs part of our response to the recent supply chain attack, we have migrated all tags to use the \u003ccode\u003ev\u003c/code\u003e prefix (e.g., \u003ccode\u003ev0.35.0\u003c/code\u003e instead of \u003ccode\u003e0.35.0\u003c/code\u003e). Going forward, all new releases will use the \u003ccode\u003ev\u003c/code\u003e prefix convention.\u003c/p\u003e\n\u003cp\u003eWe have intentionally kept the \u003ccode\u003e0.35.0\u003c/code\u003e tag intact to avoid breaking existing workflows that depend on it.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eIf you are currently using \u003ccode\u003e0.35.0\u003c/code\u003e, your workflows are safe — no action is required.\u003c/strong\u003e\u003c/p\u003e\n\u003ch2\u003eRelease: v0.34.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aquasecurity/trivy-action/compare/v0.33.1...v0.34.0\"\u003ehttps://github.com/aquasecurity/trivy-action/compare/v0.33.1...v0.34.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease: v0.33.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate setup-trivy action to version v0.2.4 by \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/pull/486\"\u003eaquasecurity/trivy-action#486\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: 
\u003ca href=\"https://github.com/aquasecurity/trivy-action/compare/v0.33.0...v0.33.1\"\u003ehttps://github.com/aquasecurity/trivy-action/compare/v0.33.0...v0.33.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/ed142fd0673e97e23eac54620cfb913e5ce36c25\"\u003e\u003ccode\u003eed142fd\u003c/code\u003e\u003c/a\u003e chore: update action version to v0.36.0 in examples (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/563\"\u003e#563\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/dea62cf79abc269fc35dfd161a4539f0d1f92293\"\u003e\u003ccode\u003edea62cf\u003c/code\u003e\u003c/a\u003e chore(deps): Update trivy to v0.70.0 (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/559\"\u003e#559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/128d9a8815401077119ad09f6ca1892d422c387b\"\u003e\u003ccode\u003e128d9a8\u003c/code\u003e\u003c/a\u003e chore: use GitHub Actions as git commit author in bump-trivy workflow (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/561\"\u003e#561\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/876cf04c63f65e9799bcf1043b584e72469c7143\"\u003e\u003ccode\u003e876cf04\u003c/code\u003e\u003c/a\u003e Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes \u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/549\"\u003e#549\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/548\"\u003e#548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/aquasecurity/trivy-action/commit/dada78485d6b2b310d433af366da35a70cf01102\"\u003e\u003ccode\u003edada784\u003c/code\u003e\u003c/a\u003e Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/547\"\u003e#547\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/4a2deec9100bbbee6320e9a33fc9216b5e444e0b\"\u003e\u003ccode\u003e4a2deec\u003c/code\u003e\u003c/a\u003e fix: use portable shebang in entrypoint.sh (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/1994662b5555670344cd84d29ed3cad4bd26f31c\"\u003e\u003ccode\u003e1994662\u003c/code\u003e\u003c/a\u003e chore(deps): bump the actions group with 5 updates (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/6b36659d99b5bc1a27d44e8be2e3b007f91b033c\"\u003e\u003ccode\u003e6b36659\u003c/code\u003e\u003c/a\u003e chore: add zizmor config (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/557\"\u003e#557\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/316aa5aebe03b45a43ade3ec18d7b9c7f9ccb464\"\u003e\u003ccode\u003e316aa5a\u003c/code\u003e\u003c/a\u003e ci: add dependabot config (\u003ca href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/556\"\u003e#556\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aquasecurity/trivy-action/commit/264c9c5e188ea085e7377fd77abd17bfbd4e5926\"\u003e\u003ccode\u003e264c9c5\u003c/code\u003e\u003c/a\u003e test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (\u003ca 
href=\"https://redirect.github.com/aquasecurity/trivy-action/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aquasecurity/trivy-action/compare/dc5a429b52fcf669ce959baa2c2dd26090d2a6c4...ed142fd0673e97e23eac54620cfb913e5ce36c25\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/test-results-action` from 1.1.1 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/test-results-action/releases\"\u003ecodecov/test-results-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: deprecate this action by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/test-results-action/pull/129\"\u003ecodecov/test-results-action#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 1.2.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/test-results-action/pull/130\"\u003ecodecov/test-results-action#130\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/test-results-action/compare/v1.1.1...v1.2.1\"\u003ehttps://github.com/codecov/test-results-action/compare/v1.1.1...v1.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/codecov/test-results-action/commit/0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3\"\u003e\u003ccode\u003e0fa95f0\u003c/code\u003e\u003c/a\u003e chore(release): 1.2.1 (\u003ca href=\"https://redirect.github.com/codecov/test-results-action/issues/130\"\u003e#130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/test-results-action/commit/3fef12b33cff40c3ba4a721741678dd3abebcd67\"\u003e\u003ccode\u003e3fef12b\u003c/code\u003e\u003c/a\u003e fix: deprecate this action (\u003ca href=\"https://redirect.github.com/codecov/test-results-action/issues/129\"\u003e#129\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/codecov/test-results-action/compare/47f89e9acb64b76debcd5ea40642d25a4adced9f...0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 5.4.3 to 6.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent template injection in run: steps (VULN-1652) by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1947\"\u003ecodecov/codecov-action#1947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 6.0.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/codecov/codecov-action/pull/1949\"\u003ecodecov/codecov-action#1949\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ This version introduces support for node24 which may cause breaking changes for systems that do not currently support node24. ⚠️\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Revert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot;\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1929\"\u003ecodecov/codecov-action#1929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTh/6.0.0 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1928\"\u003ecodecov/codecov-action#1928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.4...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.4\u003c/h2\u003e\n\u003cp\u003eThis is a mirror of \u003ccode\u003ev5.5.2\u003c/code\u003e. 
\u003ccode\u003ev6\u003c/code\u003e will be released which requires \u003ccode\u003enode24\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;build(deps): bump actions/github-script from 7.0.1 to 8.0.0\u0026quot; by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1926\"\u003ecodecov/codecov-action#1926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 5.5.4 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1927\"\u003ecodecov/codecov-action#1927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.3...v5.5.4\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.3...v5.5.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/github-script from 7.0.1 to 8.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1874\"\u003ecodecov/codecov-action#1874\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): bump to 5.5.3 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1922\"\u003ecodecov/codecov-action#1922\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/codecov/codecov-action/compare/v5.5.2...v5.5.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.2...v5.5.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echeck gpg only when skip-validation = false by \u003ca href=\"https://github.com/maxweng-sentry\"\u003e\u003ccode\u003e@​maxweng-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1894\"\u003ecodecov/codecov-action#1894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: \u003ccode\u003edisable_search\u003c/code\u003e alignment by \u003ca href=\"https://github.com/freemanzMrojo\"\u003e\u003ccode\u003e@​freemanzMrojo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1881\"\u003ecodecov/codecov-action#1881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 5.5.2 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1902\"\u003ecodecov/codecov-action#1902\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/maxweng-sentry\"\u003e\u003ccode\u003e@​maxweng-sentry\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1894\"\u003ecodecov/codecov-action#1894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freemanzMrojo\"\u003e\u003ccode\u003e@​freemanzMrojo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/codecov/codecov-action/pull/1881\"\u003ecodecov/codecov-action#1881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1...v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1...v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md\"\u003ecodecov/codecov-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: overwrite pr number on fork by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1871\"\u003ecodecov/codecov-action#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1868\"\u003ecodecov/codecov-action#1868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.9 to 
3.29.11 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1867\"\u003ecodecov/codecov-action#1867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update to use local app/ dir by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1872\"\u003ecodecov/codecov-action#1872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in README by \u003ca href...\n\n_Description has been truncated_","html_url":"https://github.com/tvna/command-ghostwriter/pull/330","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tvna%2Fcommand-ghostwriter/issues/330","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/330/packages"}},{"old_version":"2.16.0","new_version":"2.19.4","update_type":"minor","path":null,"pr_created_at":"2026-06-04T04:27:18.000Z","version_change":"2.16.0 → 2.19.4","issue":{"uuid":"4585782507","node_id":"PR_kwDOBpB4_s7iho-L","number":47,"state":"closed","title":"Chore: Bump step-security/harden-runner from 2.16.0 to 2.19.4","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":"2026-06-04T04:27:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-04T04:27:18.000Z","updated_at":"2026-06-04T04:28:08.000Z","time_to_close":41,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Chore: Bump","packages":[{"name":"step-security/harden-runner","old_version":"2.16.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.16.0 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease 
notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. 
This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies; see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now 
blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.16.0...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner\u0026package-manager=github_actions\u0026previous-version=2.16.0\u0026new-version=2.19.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it 
yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/lfit/releng-docs-conf/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/lfit%2Freleng-docs-conf/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"}},{"old_version":"2.19.3","new_version":"2.19.4","update_type":"patch","path":null,"pr_created_at":"2026-06-04T01:07:26.000Z","version_change":"2.19.3 → 2.19.4","issue":{"uuid":"4584887375","node_id":"PR_kwDOSQGDf87iesVW","number":233,"state":"closed","title":"chore(deps): bump the actions group with 4 updates","user":"dependabot[bot]","labels":["dependencies","github_actions","cla-signed"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-05T23:26:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-04T01:07:26.000Z","updated_at":"2026-06-05T23:27:00.000Z","time_to_close":166764,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":4,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.3","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"github/codeql-action","old_version":"4.35.5","new_version":"4.36.1","repository_url":"https://github.com/github/codeql-action"},{"name":"changesets/action","old_version":"1.8.0","new_version":"1.9.0","repository_url":"https://github.com/changesets/action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 4 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [actions/checkout](https://github.com/actions/checkout), [github/codeql-action](https://github.com/github/codeql-action) and [changesets/action](https://github.com/changesets/action).\n\nUpdates 
`step-security/harden-runner` from 2.19.3 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/ab7a9404c0f3da075243ca237b5fac12c98deaa5...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease 
notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by 
\u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.5 to 4.36.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003e\u003ccode\u003e87557b9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3940\"\u003e#3940\u003c/a\u003e from github/update-v4.36.1-2a1689ed4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/94310119648b77e2153bf970fd244062806781de\"\u003e\u003ccode\u003e9431011\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2a1689ed43ccdf7eea07e03a75371ce6801d28e6\"\u003e\u003ccode\u003e2a1689e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3939\"\u003e#3939\u003c/a\u003e from github/henrymercer/skip-overlay-revert-when-exp...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/524532393a46071bdfc81527a811ffa69e16723a\"\u003e\u003ccode\u003e5245323\u003c/code\u003e\u003c/a\u003e Disable missing diff-ranges fallback when overlay enabled manually\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1eb1207b45130d2edf64a0aa1c93be23510592f\"\u003e\u003ccode\u003ed1eb120\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3933\"\u003e#3933\u003c/a\u003e from github/update-supported-enterprise-server-versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/115001ba8d0198846992657731666b08686c8ded\"\u003e\u003ccode\u003e115001b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/github/codeql-action/issues/3934\"\u003e#3934\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-86fb5c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/cef2e7a910879f4626a24b251504bde16bfe4e76\"\u003e\u003ccode\u003ecef2e7a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3925\"\u003e#3925\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5e6adf70ed0299cdf20f90e4e37ac5dd30ab7501\"\u003e\u003ccode\u003e5e6adf7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3936\"\u003e#3936\u003c/a\u003e from github/dependabot/npm_and_yarn/tmp-0.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ad170e6c4eaf671895978420267d6cb49b66b706\"\u003e\u003ccode\u003ead170e6\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/github_actions/dot-github/workflows/actio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6a37b3a57ac457a679b84930a67c233c15f5ac41\"\u003e\u003ccode\u003e6a37b3a\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/9e0d7b8d25671d64c341c19c0152d693099fb5ba...87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `changesets/action` from 1.8.0 to 1.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/action/releases\"\u003echangesets/action's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.9.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/636\"\u003e#636\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1\"\u003e\u003ccode\u003eb072bcc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Add a new \u003ccode\u003e@changesets/action/pr-comment\u003c/code\u003e sub-action to comment on PRs\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/625\"\u003e#625\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6\"\u003e\u003ccode\u003e8795eee\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Add a new \u003ccode\u003e@changesets/action/pr-status\u003c/code\u003e sub-action to generate the changeset status comment for PRs as an alternative to the \u003ca href=\"https://github.com/apps/changeset-bot\"\u003eChangesets Bot\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/535\"\u003e#535\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520\"\u003e\u003ccode\u003e34f64f6\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! 
- Fixed an issue with GitHub releases not being created for successfully published packages when \u003cem\u003esome\u003c/em\u003e packages failed to be published to the registry.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/632\"\u003e#632\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4\"\u003e\u003ccode\u003e1d54b9e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Simplify internal implementation to get changelog entries for a package version\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/629\"\u003e#629\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/e0c90aa7fbd0cc26931a679c5abe9bbc0deb0b50\"\u003e\u003ccode\u003ee0c90aa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Fix custom version and publish command argument parsing\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/645\"\u003e#645\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf\"\u003e\u003ccode\u003ef9585d9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Improved force-push handling when using \u003ccode\u003ecommitMode: \u0026quot;github-api\u0026quot;\u003c/code\u003e so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. 
This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/action/blob/main/CHANGELOG.md\"\u003echangesets/action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003e@​changesets/action\u003c/code\u003e\u003c/h1\u003e\n\u003ch2\u003e1.9.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/636\"\u003e#636\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1\"\u003e\u003ccode\u003eb072bcc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Add a new \u003ccode\u003e@changesets/action/pr-comment\u003c/code\u003e sub-action to comment on PRs\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/625\"\u003e#625\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6\"\u003e\u003ccode\u003e8795eee\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! 
- Add a new \u003ccode\u003e@changesets/action/pr-status\u003c/code\u003e sub-action to generate the changeset status comment for PRs as an alternative to the \u003ca href=\"https://github.com/apps/changeset-bot\"\u003eChangesets Bot\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/535\"\u003e#535\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520\"\u003e\u003ccode\u003e34f64f6\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Fixed an issue with GitHub releases not being created for successfully published packages when \u003cem\u003esome\u003c/em\u003e packages failed to be published to the registry.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/632\"\u003e#632\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4\"\u003e\u003ccode\u003e1d54b9e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! - Simplify internal implementation to get changelog entries for a package version\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/629\"\u003e#629\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/e0c90aa7fbd0cc26931a679c5abe9bbc0deb0b50\"\u003e\u003ccode\u003ee0c90aa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/bluwy\"\u003e\u003ccode\u003e@​bluwy\u003c/code\u003e\u003c/a\u003e! 
- Fix custom version and publish command argument parsing\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/645\"\u003e#645\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf\"\u003e\u003ccode\u003ef9585d9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Improved force-push handling when using \u003ccode\u003ecommitMode: \u0026quot;github-api\u0026quot;\u003c/code\u003e so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/258\"\u003e#258\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d\"\u003e\u003ccode\u003ef5dbf72\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tom-sherman\"\u003e\u003ccode\u003e@​tom-sherman\u003c/code\u003e\u003c/a\u003e! - Support draft version PR modes with a new \u003ccode\u003eprDraft\u003c/code\u003e input. 
Use \u003ccode\u003ecreate\u003c/code\u003e to create new version PRs as drafts, or \u003ccode\u003ealways\u003c/code\u003e to also convert existing version PRs back to draft when updating them.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/502\"\u003e#502\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977\"\u003e\u003ccode\u003e6002dbd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/oshytiko\"\u003e\u003ccode\u003e@​oshytiko\u003c/code\u003e\u003c/a\u003e! - Fixed initial \u003ccode\u003e.changeset\u003c/code\u003e state being picked up, when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/536\"\u003e#536\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2\"\u003e\u003ccode\u003e81b3f61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/radnan\"\u003e\u003ccode\u003e@​radnan\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ccode\u003e.changeset\u003c/code\u003e state being picked for the version command when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/564\"\u003e#564\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/935fe876b0054dfc962ac86bcddf028460040d46\"\u003e\u003ccode\u003e935fe87\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! 
- Automatically use the GitHub-provided token to allow most users to avoid explicit \u003ccode\u003eGITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\u003c/code\u003e configuration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/545\"\u003e#545\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/54220dd92c06e7da112b139f95d8beb933e4cdde\"\u003e\u003ccode\u003e54220dd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ryanbas21\"\u003e\u003ccode\u003e@​ryanbas21\u003c/code\u003e\u003c/a\u003e! - The \u003ccode\u003e.npmrc\u003c/code\u003e generation now intelligently handles both traditional NPM token authentication and trusted publishing scenarios by only appending the auth token when \u003ccode\u003eNPM_TOKEN\u003c/code\u003e is defined. This prevents 'undefined' from being written to the registry configuration when using OIDC tokens from GitHub Actions trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/563\"\u003e#563\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6af4a7ec080d23ac6b304f69b67fd0aa92e089e7\"\u003e\u003ccode\u003e6af4a7e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! 
- Don't error on already committed symlinks and executables that stay untouched\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/558\"\u003e#558\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/342005d41242bccd9dd9ae8d3679efce96af48ae\"\u003e\u003ccode\u003e342005d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/harsha-venugopal-ledn\"\u003e\u003ccode\u003e@​harsha-venugopal-ledn\u003c/code\u003e\u003c/a\u003e! - Upgrade from Node.js 20 to Node.js 24 LTS\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d\"\u003e\u003ccode\u003ea45c4d5\u003c/code\u003e\u003c/a\u003e v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/b459b1eaa0a3889b4eea8af244304a64da6331ce\"\u003e\u003ccode\u003eb459b1e\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/changesets/action/issues/637\"\u003e#637\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/f9585d966a9c7d2f668b97199990de6f885823cf\"\u003e\u003ccode\u003ef9585d9\u003c/code\u003e\u003c/a\u003e Update \u003ccode\u003e@changesets/ghcommit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/changesets/action/issues/645\"\u003e#645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/020e8cc600a1e7e7b8b843654902f043f32387ea\"\u003e\u003ccode\u003e020e8cc\u003c/code\u003e\u003c/a\u003e Use internal bot for versioning 
(\u003ca href=\"https://redirect.github.com/changesets/action/issues/643\"\u003e#643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/b072bccc4c664a373c42168eed9139dce1e003b1\"\u003e\u003ccode\u003eb072bcc\u003c/code\u003e\u003c/a\u003e Add simple PR comment sub-action (\u003ca href=\"https://redirect.github.com/changesets/action/issues/636\"\u003e#636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/8795eee5eee884e887d352ac673a515ffe35aaa6\"\u003e\u003ccode\u003e8795eee\u003c/code\u003e\u003c/a\u003e Comment changeset status in PRs (\u003ca href=\"https://redirect.github.com/changesets/action/issues/625\"\u003e#625\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/34f64f6e2e1e47ddc183f174aa27c197aa47f520\"\u003e\u003ccode\u003e34f64f6\u003c/code\u003e\u003c/a\u003e Fixed an issue with GitHub releases not being created for successfully publis...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/1d54b9e660e435237accbcae0b4581af3be641b4\"\u003e\u003ccode\u003e1d54b9e\u003c/code\u003e\u003c/a\u003e Simplify getChangelogEntry (\u003ca href=\"https://redirect.github.com/changesets/action/issues/632\"\u003e#632\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/031358f743b5a6199bd7a39bdc8b469280983df9\"\u003e\u003ccode\u003e031358f\u003c/code\u003e\u003c/a\u003e Update to typescript v6 (\u003ca href=\"https://redirect.github.com/changesets/action/issues/633\"\u003e#633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/a0c05f7a4b1df776543903d7dca8e39cd787b30a\"\u003e\u003ccode\u003ea0c05f7\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​changesets/changelog-github\u003c/code\u003e from 0.5.2 to 0.7.0 (\u003ca 
href=\"https://redirect.github.com/changesets/action/issues/620\"\u003e#620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/changesets/action/compare/63a615b9cd06ba9a3e6d13796c7fbcb080a60a0b...a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- 
`@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/vex-protocol/vex-protocol/pull/233","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vex-protocol%2Fvex-protocol/issues/233","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/233/packages"}},{"old_version":"2.19.1","new_version":"2.19.4","update_type":"patch","path":null,"pr_created_at":"2026-06-03T19:09:30.000Z","version_change":"2.19.1 → 2.19.4","issue":{"uuid":"4582861306","node_id":"PR_kwDOL_9g-s7iX7ml","number":213,"state":"closed","title":"Bump the action-packages group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-08T00:54:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-03T19:09:30.000Z","updated_at":"2026-06-08T00:54:02.000Z","time_to_close":366270,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"action-packages","update_count":4,"packages":[{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"step-security/harden-runner","old_version":"2.19.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"github/codeql-action","old_version":"4.35.4","new_version":"4.36.1","repository_url":"https://github.com/github/codeql-action"},{"name":"codecov/codecov-action","old_version":"6.0.0","new_version":"6.0.1","repository_url":"https://github.com/codecov/codecov-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the action-packages group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), 
[step-security/harden-runner](https://github.com/step-security/harden-runner), [github/codeql-action](https://github.com/github/codeql-action) and [codecov/codecov-action](https://github.com/codecov/codecov-action).\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/actions/checkout/compare/v6.0.2...v6.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/harden-runner` from 2.19.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor 
bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from 
step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.4 to 4.36.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. 
This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. 
This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003e\u003ccode\u003e87557b9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3940\"\u003e#3940\u003c/a\u003e from github/update-v4.36.1-2a1689ed4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/94310119648b77e2153bf970fd244062806781de\"\u003e\u003ccode\u003e9431011\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2a1689ed43ccdf7eea07e03a75371ce6801d28e6\"\u003e\u003ccode\u003e2a1689e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3939\"\u003e#3939\u003c/a\u003e from 
github/henrymercer/skip-overlay-revert-when-exp...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/524532393a46071bdfc81527a811ffa69e16723a\"\u003e\u003ccode\u003e5245323\u003c/code\u003e\u003c/a\u003e Disable missing diff-ranges fallback when overlay enabled manually\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1eb1207b45130d2edf64a0aa1c93be23510592f\"\u003e\u003ccode\u003ed1eb120\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3933\"\u003e#3933\u003c/a\u003e from github/update-supported-enterprise-server-versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/115001ba8d0198846992657731666b08686c8ded\"\u003e\u003ccode\u003e115001b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3934\"\u003e#3934\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-86fb5c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/cef2e7a910879f4626a24b251504bde16bfe4e76\"\u003e\u003ccode\u003ecef2e7a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3925\"\u003e#3925\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5e6adf70ed0299cdf20f90e4e37ac5dd30ab7501\"\u003e\u003ccode\u003e5e6adf7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3936\"\u003e#3936\u003c/a\u003e from github/dependabot/npm_and_yarn/tmp-0.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ad170e6c4eaf671895978420267d6cb49b66b706\"\u003e\u003ccode\u003ead170e6\u003c/code\u003e\u003c/a\u003e Merge 
branch 'main' into dependabot/github_actions/dot-github/workflows/actio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6a37b3a57ac457a679b84930a67c233c15f5ac41\"\u003e\u003ccode\u003e6a37b3a\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 6.0.0 to 6.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent template injection in run: steps (VULN-1652) by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1947\"\u003ecodecov/codecov-action#1947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 6.0.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1949\"\u003ecodecov/codecov-action#1949\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md\"\u003ecodecov/codecov-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: overwrite pr number on fork by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1871\"\u003ecodecov/codecov-action#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1868\"\u003ecodecov/codecov-action#1868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1867\"\u003ecodecov/codecov-action#1867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update to use local app/ dir by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e 
in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1872\"\u003ecodecov/codecov-action#1872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in README by \u003ca href=\"https://github.com/datalater\"\u003e\u003ccode\u003e@​datalater\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1866\"\u003ecodecov/codecov-action#1866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument a \u003ccode\u003ecodecov-cli\u003c/code\u003e version reference example by \u003ca href=\"https://github.com/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1774\"\u003ecodecov/codecov-action#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1861\"\u003ecodecov/codecov-action#1861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1833\"\u003ecodecov/codecov-action#1833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: upgrade wrapper to 0.2.4 by \u003ca href=\"https://github.com/jviall\"\u003e\u003ccode\u003e@​jviall\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/codecov/codecov-action/pull/1864\"\u003ecodecov/codecov-action#1864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/github-script by Git SHA by \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1859\"\u003ecodecov/codecov-action#1859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: check reqs exist by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1835\"\u003ecodecov/codecov-action#1835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Typo in README by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1838\"\u003ecodecov/codecov-action#1838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Refine OIDC docs by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1837\"\u003ecodecov/codecov-action#1837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1829\"\u003ecodecov/codecov-action#1829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.3\u003c/h2\u003e\n\u003ch3\u003eWhat's 
Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1822\"\u003ecodecov/codecov-action#1822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: OIDC on forks by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1823\"\u003ecodecov/codecov-action#1823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/e79a6962e0d4c0c17b229090214935d2e33f8354\"\u003e\u003ccode\u003ee79a696\u003c/code\u003e\u003c/a\u003e chore(release): 6.0.1 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1949\"\u003e#1949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/51e64229ac331acb0d7f7b17c67423995f991c79\"\u003e\u003ccode\u003e51e6422\u003c/code\u003e\u003c/a\u003e fix: prevent template injection in run: steps (VULN-1652) (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1947\"\u003e#1947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/codecov/codecov-action/compare/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2...e79a6962e0d4c0c17b229090214935d2e33f8354\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore 
conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/fiaisis/fia-auth/pull/213","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fiaisis%2Ffia-auth/issues/213","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/213/packages"}},{"old_version":"2.16.1","new_version":"2.19.4","update_type":"minor","path":null,"pr_created_at":"2026-06-03T06:26:21.000Z","version_change":"2.16.1 → 2.19.4","issue":{"uuid":"4577467303","node_id":"PR_kwDOSB24as7iGJa1","number":11,"state":"open","title":"ci: bump the actions-minor-patch group across 1 directory with 5 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T06:26:21.000Z","updated_at":"2026-06-03T06:26:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci: bump","group_name":"actions-minor-patch","update_count":5,"packages":[{"name":"step-security/harden-runner","old_version":"2.16.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/checkout","old_version":"6.0.2","new_version":"6.0.3","repository_url":"https://github.com/actions/checkout"},{"name":"github/codeql-action","old_version":"4.35.2","new_version":"4.36.1","repository_url":"https://github.com/github/codeql-action"},{"name":"sigstore/cosign-installer","old_version":"4.1.1","new_version":"4.1.2","repository_url":"https://github.com/sigstore/cosign-installer"},{"name":"zizmorcore/zizmor-action","old_version":"0.5.0","new_version":"0.5.6","repository_url":"https://github.com/zizmorcore/zizmor-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions-minor-patch group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.16.1` | 
`2.19.4` |\n| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.2` | `4.36.1` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` |\n| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.0` | `0.5.6` |\n\n\nUpdates `step-security/harden-runner` from 2.16.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use Go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of the post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. 
This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot; Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies; see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now 
blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.16.1...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/checkout` from 6.0.2 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate changelog by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2357\"\u003eactions/checkout#2357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate changelog for v6.0.3 by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2446\"\u003eactions/checkout#2446\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.3\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix checkout init for SHA-256 repositories by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2439\"\u003eactions/checkout#2439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expand merge commit SHA regex and add SHA-256 test cases by \u003ca href=\"https://github.com/yaananth\"\u003e\u003ccode\u003e@​yaananth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2414\"\u003eactions/checkout#2414\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca 
href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca 
href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003e\u003ccode\u003edf4cb1c\u003c/code\u003e\u003c/a\u003e Update changelog for v6.0.3 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2446\"\u003e#2446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824\"\u003e\u003ccode\u003e1cce339\u003c/code\u003e\u003c/a\u003e Fix checkout init for SHA-256 repositories (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2439\"\u003e#2439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231\"\u003e\u003ccode\u003e900f221\u003c/code\u003e\u003c/a\u003e fix: expand merge commit SHA regex and add SHA-256 test cases (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2414\"\u003e#2414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98\"\u003e\u003ccode\u003e0c366fd\u003c/code\u003e\u003c/a\u003e Update changelog (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2357\"\u003e#2357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.2 to 4.36.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.1\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.1 - 02 Jun 2026\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. 
This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003e\u003ccode\u003e87557b9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3940\"\u003e#3940\u003c/a\u003e from github/update-v4.36.1-2a1689ed4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/94310119648b77e2153bf970fd244062806781de\"\u003e\u003ccode\u003e9431011\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2a1689ed43ccdf7eea07e03a75371ce6801d28e6\"\u003e\u003ccode\u003e2a1689e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3939\"\u003e#3939\u003c/a\u003e from 
github/henrymercer/skip-overlay-revert-when-exp...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/524532393a46071bdfc81527a811ffa69e16723a\"\u003e\u003ccode\u003e5245323\u003c/code\u003e\u003c/a\u003e Disable missing diff-ranges fallback when overlay enabled manually\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1eb1207b45130d2edf64a0aa1c93be23510592f\"\u003e\u003ccode\u003ed1eb120\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3933\"\u003e#3933\u003c/a\u003e from github/update-supported-enterprise-server-versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/115001ba8d0198846992657731666b08686c8ded\"\u003e\u003ccode\u003e115001b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3934\"\u003e#3934\u003c/a\u003e from github/dependabot/npm_and_yarn/npm-minor-86fb5c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/cef2e7a910879f4626a24b251504bde16bfe4e76\"\u003e\u003ccode\u003ecef2e7a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3925\"\u003e#3925\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/5e6adf70ed0299cdf20f90e4e37ac5dd30ab7501\"\u003e\u003ccode\u003e5e6adf7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3936\"\u003e#3936\u003c/a\u003e from github/dependabot/npm_and_yarn/tmp-0.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ad170e6c4eaf671895978420267d6cb49b66b706\"\u003e\u003ccode\u003ead170e6\u003c/code\u003e\u003c/a\u003e Merge 
branch 'main' into dependabot/github_actions/dot-github/workflows/actio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6a37b3a57ac457a679b84930a67c233c15f5ac41\"\u003e\u003ccode\u003e6a37b3a\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...87557b9c84dde89fdd9b10e88954ac2f4248e463\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigstore/cosign-installer` from 4.1.1 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign-installer/releases\"\u003esigstore/cosign-installer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.6 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/232\"\u003esigstore/cosign-installer#232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003e\u003ccode\u003e6f9f177\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.6 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/b5e753ae2d39589c7b38850b463739151fc67f07\"\u003e\u003ccode\u003eb5e753a\u003c/code\u003e\u003c/a\u003e Bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca 
href=\"https://redirect.github.com/sigstore/cosign-installer/issues/230\"\u003e#230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/115e4ce455e573aa6e9ba51e8d040ddd5c1378af\"\u003e\u003ccode\u003e115e4ce\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.3.0 to 6.4.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmorcore/zizmor-action` from 0.5.0 to 0.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor-action/releases\"\u003ezizmorcore/zizmor-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e1.25.2 is now available via the action\u003c/li\u003e\n\u003cli\u003e1.25.2 is now the default version of zizmor used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.5\u003c/h2\u003e\n\u003cp\u003eThis is a no-op release.\u003c/p\u003e\n\u003ch2\u003ev0.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e1.25.0 is now available via the action\u003c/li\u003e\n\u003cli\u003e1.25.0 is now the default version of zizmor used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e1.24.0\u003c/code\u003e and \u003ccode\u003e1.24.1\u003c/code\u003e are now available via the action\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e1.24.1\u003c/code\u003e is now the default version of zizmor 
used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.2...v0.5.3\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.2...v0.5.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor 1.23.1 is now the default used by this action.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.1...v0.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ezizmor 1.23.0 is now the default used by this action.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1\"\u003ehttps://github.com/zizmorcore/zizmor-action/compare/v0.5.0...v0.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5f14fd08f7cf1cb1609c1e344975f152c7ee938d\"\u003e\u003ccode\u003e5f14fd0\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/114\"\u003e#114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/a16621b09c6db4281f81a93cb393b05dcd7b7165\"\u003e\u003ccode\u003ea16621b\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca 
href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/112\"\u003e#112\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/1c03e047a3633631b1e5648c48243045b1de0d25\"\u003e\u003ccode\u003e1c03e04\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in the github-ac...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/b572f7b1a1c2d41efaab43d504f68d215c3cd727\"\u003e\u003ccode\u003eb572f7b\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/06928c5dcba418c7d6108a4bd6e2d34cbf3c9377\"\u003e\u003ccode\u003e06928c5\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/109\"\u003e#109\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5ea8b96e1078453e04a1b81443890d9e7da5ddf3\"\u003e\u003ccode\u003e5ea8b96\u003c/code\u003e\u003c/a\u003e docs: Update link to GitHub docs (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/108\"\u003e#108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/849ac260951adeb7c02481da6c7e749b39f4ea6d\"\u003e\u003ccode\u003e849ac26\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/106\"\u003e#106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/814f9778aceea8641503a8cd8f0cffebc55d790c\"\u003e\u003ccode\u003e814f977\u003c/code\u003e\u003c/a\u003e Bump pins in README 
(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/b1d7e1fb5de872772f31590499237e7cce841e8e\"\u003e\u003ccode\u003eb1d7e1f\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/a195b57475917ddcb70845e5ffe1c3a15dbbdedc\"\u003e\u003ccode\u003ea195b57\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d...5f14fd08f7cf1cb1609c1e344975f152c7ee938d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore 
conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/parley-wallet/parley-protocol-spec/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/parley-wallet%2Fparley-protocol-spec/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"}},{"old_version":"2.19.1","new_version":"2.19.4","update_type":"patch","path":null,"pr_created_at":"2026-06-03T03:12:27.000Z","version_change":"2.19.1 → 2.19.4","issue":{"uuid":"4576568881","node_id":"PR_kwDOPiJIA87iDORv","number":43,"state":"open","title":"deps: Bump the actions group with 3 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T03:12:27.000Z","updated_at":"2026-06-03T03:12:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: Bump","group_name":"actions","update_count":3,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"KineticCafe/actions-dco","old_version":"3.0.0","new_version":"3.1.0","repository_url":"https://github.com/kineticcafe/actions-dco"},{"name":"zizmorcore/zizmor-action","old_version":"0.5.3","new_version":"0.5.6","repository_url":"https://github.com/zizmorcore/zizmor-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [KineticCafe/actions-dco](https://github.com/kineticcafe/actions-dco) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).\n\nUpdates `step-security/harden-runner` from 2.19.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `KineticCafe/actions-dco` from 3.0.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kineticcafe/actions-dco/releases\"\u003eKineticCafe/actions-dco's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0: Performance and Better Summaries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReshaped the sign-off summary written to the action and optionally as a commit comment. The message as added with 3.0.0 was accurate but meaningless. 
It has now been modified to produce meaningful summaries.\u003c/p\u003e\n\u003cp\u003eEach commit that fails (up to X commits) will be included in a DCO failure table:\u003c/p\u003e\n\u003cpre lang=\"markdown\"\u003e\u003ccode\u003e| Commit     | Subject                       | Issue                    |\r\n| ---------- | ----------------------------- | ------------------------ |\r\n| `ff882225` | deps: Bump the actions group… | No Signed-off-by trailer |\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eWhen commits are passed, skipped or exempt, they are included in a \u0026quot;pass\u0026quot; table grouped by the identity responsible that signed off:\u003c/p\u003e\n\u003cpre lang=\"markdown\"\u003e\u003ccode\u003e| Identity                | Commits                        |\r\n| ----------------------- | ------------------------------ |\r\n| dependabot[bot]         | 1 (bot, skipped)               |\r\n| Alice \u0026lt;al…@example.org\u0026gt; | 2 (signed off)                 |\r\n| Bob \u0026lt;bob@example.com\u0026gt;   | 1 (exempt domain @example.com) |\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe comment will be headed with a subject indicating that the check was successful or failed as a whole.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a pathological bug where parsing trailers in Lenient mode would result in quadratic time parsing. This wouldn't have been noticeable initially except for a separate bug where some experimental minimal AI assistant checking was always executed and ran trailer parsing in Lenient mode, even though the default trailer parsing rule is Strict.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWe apologize for the fault in the subtitles. 
Those responsible have been sacked.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eThis has been resolved by improving the parsing to operate on split graphemes, and all trailer parsing has been modified to short circuit on the block (if a trailer is not present on the first line of the block, it's not a trailer block) and the line (trailers must have \u003ccode\u003e:\u003c/code\u003e; if not present, it's not a trailer line).\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWe apologize again for the fault in the subtitles. Those responsible for sacking the people who have just been sacked have been sacked.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eThis results in a 4½x improvement in Strict trailer parsing and an 11x improvement in Lenient trailer parsing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded additional debug messages.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgraded to pontil 2 and \u003ccode\u003epontil_summary\u003c/code\u003e 1.1 and modified the CLI to use an improved ANSI-aware output mode.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Reshaped sign-off summary and performance fixes by \u003ca href=\"https://github.com/halostatue\"\u003e\u003ccode\u003e@​halostatue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/KineticCafe/actions-dco/pull/213\"\u003eKineticCafe/actions-dco#213\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/KineticCafe/actions-dco/compare/v3.0.0...v3.1.0\"\u003ehttps://github.com/KineticCafe/actions-dco/compare/v3.0.0...v3.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/KineticCafe/actions-dco/blob/main/CHANGELOG.md\"\u003eKineticCafe/actions-dco's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eKineticCafe/actions-dco Changelog\u003c/h1\u003e\n\u003ch2\u003e3.1.0 / 2026-05-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eReshaped the sign-off summary written to the action and optionally as a commit\ncomment. The message as added with 3.0.0 was accurate but meaningless. It has\nnow been modified to produce meaningful summaries.\u003c/p\u003e\n\u003cp\u003eEach commit that fails (up to X commits) will be included in a DCO failure\ntable:\u003c/p\u003e\n\u003cpre lang=\"markdown\"\u003e\u003ccode\u003e| Commit     | Subject                       | Issue                    |\n| ---------- | ----------------------------- | ------------------------ |\n| `ff882225` | deps: Bump the actions group… | No Signed-off-by trailer |\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eWhen commits are passed, skipped or exempt, they are included in a \u0026quot;pass\u0026quot;\ntable grouped by the identity responsible that signed off:\u003c/p\u003e\n\u003cpre lang=\"markdown\"\u003e\u003ccode\u003e| Identity                | Commits                        |\n| ----------------------- | ------------------------------ |\n| dependabot[bot]         | 1 (bot, skipped)               |\n| Alice \u0026lt;al…@example.org\u0026gt; | 2 (signed off)                 |\n| Bob \u0026lt;bob@example.com\u0026gt;   | 1 (exempt domain @example.com) |\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe comment will be headed with a subject indicating that the check was\nsuccessful or failed as a whole.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a pathological bug where parsing trailers in Lenient mode would result\nin quadratic time parsing. 
This wouldn't have been noticeable initially except\nfor a separate bug where some experimental minimal AI assistant checking was\nalways executed and ran trailer parsing in Lenient mode, even though the\ndefault trailer parsing rule is Strict.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWe apologize for the fault in the subtitles. Those responsible have been\nsacked.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eThis has been resolved by improving the parsing to operate on split graphemes,\nand all trailer parsing has been modified to short circuit on the block (if a\ntrailer is not present on the first line of the block, it's not a trailer\nblock) and the line (trailers must have \u003ccode\u003e:\u003c/code\u003e; if not present, it's not a\ntrailer line).\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eWe apologize again for the fault in the subtitles. Those responsible for\nsacking the people who have just been sacked have been sacked.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eThis results in a 4½x improvement in Strict trailer parsing and an 11x\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/KineticCafe/actions-dco/commit/1da04282bbf757dab7d92a5c8535dbfb8113da5c\"\u003e\u003ccode\u003e1da0428\u003c/code\u003e\u003c/a\u003e feat: Reshaped sign-off summary and performance fixes\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kineticcafe/actions-dco/compare/f7fe2fdfb5808e2528042be3919b67079100b96b...1da04282bbf757dab7d92a5c8535dbfb8113da5c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor-action/releases\"\u003ezizmorcore/zizmor-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e1.25.2 is now available via the action\u003c/li\u003e\n\u003cli\u003e1.25.2 is now the default version of zizmor used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.5\u003c/h2\u003e\n\u003cp\u003eThis is a no-op release.\u003c/p\u003e\n\u003ch2\u003ev0.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e1.25.0 is now available via the action\u003c/li\u003e\n\u003cli\u003e1.25.0 is now the default version of zizmor used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5f14fd08f7cf1cb1609c1e344975f152c7ee938d\"\u003e\u003ccode\u003e5f14fd0\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca 
href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/114\"\u003e#114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/a16621b09c6db4281f81a93cb393b05dcd7b7165\"\u003e\u003ccode\u003ea16621b\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/112\"\u003e#112\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/1c03e047a3633631b1e5648c48243045b1de0d25\"\u003e\u003ccode\u003e1c03e04\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in the github-ac...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/b572f7b1a1c2d41efaab43d504f68d215c3cd727\"\u003e\u003ccode\u003eb572f7b\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/06928c5dcba418c7d6108a4bd6e2d34cbf3c9377\"\u003e\u003ccode\u003e06928c5\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/109\"\u003e#109\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5ea8b96e1078453e04a1b81443890d9e7da5ddf3\"\u003e\u003ccode\u003e5ea8b96\u003c/code\u003e\u003c/a\u003e docs: Update link to GitHub docs (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/108\"\u003e#108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/849ac260951adeb7c02481da6c7e749b39f4ea6d\"\u003e\u003ccode\u003e849ac26\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates 
(\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/106\"\u003e#106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/814f9778aceea8641503a8cd8f0cffebc55d790c\"\u003e\u003ccode\u003e814f977\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/b1d7e1fb5de872772f31590499237e7cce841e8e...5f14fd08f7cf1cb1609c1e344975f152c7ee938d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot 
ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/halostatue/mnemonist/pull/43","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/halostatue%2Fmnemonist/issues/43","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/43/packages"}},{"old_version":"2.17.0","new_version":"2.19.4","update_type":"minor","path":null,"pr_created_at":"2026-06-02T22:57:18.000Z","version_change":"2.17.0 → 2.19.4","issue":{"uuid":"4575544383","node_id":"PR_kwDOSnvzYc7h_6uD","number":7,"state":"closed","title":"chore(deps): bump step-security/harden-runner from 2.17.0 to 2.19.4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":"2026-06-04T21:28:47.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-02T22:57:18.000Z","updated_at":"2026-06-04T21:28:56.000Z","time_to_close":167489,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"step-security/harden-runner","old_version":"2.17.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.17.0 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's 
Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/f808768d1510423e83855289c910610ca9b43176...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/abysslink/abysslink/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/abysslink%2Fabysslink/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"2.19.0","new_version":"2.19.4","update_type":"patch","path":null,"pr_created_at":"2026-06-01T16:53:34.000Z","version_change":"2.19.0 → 2.19.4","issue":{"uuid":"4564850909","node_id":"PR_kwDODHZR0s7hc1Dt","number":414,"state":"closed","title":"build(deps): bump 
step-security/harden-runner from 2.19.0 to 2.19.4","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-02T05:32:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-01T16:53:34.000Z","updated_at":"2026-06-02T05:32:58.000Z","time_to_close":45562,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"step-security/harden-runner","old_version":"2.19.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.0 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. 
The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner\u0026package-manager=github_actions\u0026previous-version=2.19.0\u0026new-version=2.19.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it 
yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/utilitywarehouse/vault-kube-cloud-credentials/pull/414","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/utilitywarehouse%2Fvault-kube-cloud-credentials/issues/414","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/414/packages"}},{"old_version":"2.19.1","new_version":"2.19.4","update_type":"patch","path":null,"pr_created_at":"2026-06-01T11:22:43.000Z","version_change":"2.19.1 → 2.19.4","issue":{"uuid":"4562662089","node_id":"PR_kwDOQQqoYs7hVqgi","number":103,"state":"open","title":"chore(ci)(deps): bump step-security/harden-runner from 2.19.1 to 2.19.4","user":"dependabot[bot]","labels":["dependencies"],"assignees":["dytsou"],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T11:22:43.000Z","updated_at":"2026-06-02T01:18:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)(deps)","packages":[{"name":"step-security/harden-runner","old_version":"2.19.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.1 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr 
/\u003e\n","html_url":"https://github.com/dytsou/intern-corner-scheduler/pull/103","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dytsou%2Fintern-corner-scheduler/issues/103","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/103/packages"}},{"old_version":"2.19.1","new_version":"2.19.4","update_type":"patch","path":null,"pr_created_at":"2026-06-01T06:06:58.000Z","version_change":"2.19.1 → 2.19.4","issue":{"uuid":"4560759726","node_id":"PR_kwDONuWMVs7hPgip","number":68,"state":"open","title":"deps: Bump the actions group with 7 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T06:06:58.000Z","updated_at":"2026-06-01T06:07:15.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: Bump","group_name":"actions","update_count":7,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"fish-shop/install-fish-shell","old_version":"2.1.13","new_version":"2.1.16","repository_url":"https://github.com/fish-shop/install-fish-shell"},{"name":"fish-shop/indent-check","old_version":"2.2.104","new_version":"2.2.107","repository_url":"https://github.com/fish-shop/indent-check"},{"name":"fish-shop/syntax-check","old_version":"2.2.102","new_version":"2.2.105","repository_url":"https://github.com/fish-shop/syntax-check"},{"name":"fish-shop/install-plugin","old_version":"2.3.106","new_version":"2.3.109","repository_url":"https://github.com/fish-shop/install-plugin"},{"name":"fish-shop/run-fishtape-tests","old_version":"2.3.106","new_version":"2.3.109","repository_url":"https://github.com/fish-shop/run-fishtape-tests"},{"name":"zizmorcore/zizmor-action","old_version":"0.5.3","new_version":"0.5.6","re
pository_url":"https://github.com/zizmorcore/zizmor-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 7 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.1` | `2.19.4` |\n| [fish-shop/install-fish-shell](https://github.com/fish-shop/install-fish-shell) | `2.1.13` | `2.1.16` |\n| [fish-shop/indent-check](https://github.com/fish-shop/indent-check) | `2.2.104` | `2.2.107` |\n| [fish-shop/syntax-check](https://github.com/fish-shop/syntax-check) | `2.2.102` | `2.2.105` |\n| [fish-shop/install-plugin](https://github.com/fish-shop/install-plugin) | `2.3.106` | `2.3.109` |\n| [fish-shop/run-fishtape-tests](https://github.com/fish-shop/run-fishtape-tests) | `2.3.106` | `2.3.109` |\n| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.3` | `0.5.6` |\n\nUpdates `step-security/harden-runner` from 2.19.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca 
href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fish-shop/install-fish-shell` from 2.1.13 to 2.1.16\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fish-shop/install-fish-shell/releases\"\u003efish-shop/install-fish-shell's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.16\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/fish-shop/install-fish-shell/pull/296\"\u003efish-shop/install-fish-shell#296\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/install-fish-shell/compare/v2.1.15...v2.1.16\"\u003ehttps://github.com/fish-shop/install-fish-shell/compare/v2.1.15...v2.1.16\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.1.15\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/install-fish-shell/pull/294\"\u003efish-shop/install-fish-shell#294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/install-fish-shell/compare/v2.1.14...v2.1.15\"\u003ehttps://github.com/fish-shop/install-fish-shell/compare/v2.1.14...v2.1.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.1.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/install-fish-shell/pull/292\"\u003efish-shop/install-fish-shell#292\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/fish-shop/install-fish-shell/compare/v2.1.13...v2.1.14\"\u003ehttps://github.com/fish-shop/install-fish-shell/compare/v2.1.13...v2.1.14\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-fish-shell/commit/3d3495a8edde019283ece78087c4da133d03dd57\"\u003e\u003ccode\u003e3d3495a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/install-fish-shell/issues/296\"\u003e#296\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-fish-shell/commit/b0e7fef56698ae08767ab8ae32ce45aa145b16e4\"\u003e\u003ccode\u003eb0e7fef\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 6 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-fish-shell/commit/4e4a4a9127862ce294c435ed52429a3967df8f02\"\u003e\u003ccode\u003e4e4a4a9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/install-fish-shell/issues/294\"\u003e#294\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-fish-shell/commit/524e2bbecb7576d2063db6767e30e2fc03ace6e7\"\u003e\u003ccode\u003e524e2bb\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 6 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-fish-shell/commit/b22f7fc0d660c162ad8a282be229ac28e85c6429\"\u003e\u003ccode\u003eb22f7fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/install-fish-shell/issues/292\"\u003e#292\u003c/a\u003e from 
fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-fish-shell/commit/a000f8c44e59811ffb27c47cbf5f9788ec7b46b4\"\u003e\u003ccode\u003ea000f8c\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 6 updates\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fish-shop/install-fish-shell/compare/fe67e809bbaa60cd967a424635fd5baed7e59e63...3d3495a8edde019283ece78087c4da133d03dd57\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fish-shop/indent-check` from 2.2.104 to 2.2.107\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fish-shop/indent-check/releases\"\u003efish-shop/indent-check's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.107\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group across 1 directory with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/indent-check/pull/282\"\u003efish-shop/indent-check#282\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/indent-check/compare/v2.2.106...v2.2.107\"\u003ehttps://github.com/fish-shop/indent-check/compare/v2.2.106...v2.2.107\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.106\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group across 1 directory with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/fish-shop/indent-check/pull/279\"\u003efish-shop/indent-check#279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/indent-check/compare/v2.2.105...v2.2.106\"\u003ehttps://github.com/fish-shop/indent-check/compare/v2.2.105...v2.2.106\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.105\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 7 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/indent-check/pull/276\"\u003efish-shop/indent-check#276\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/indent-check/compare/v2.2.104...v2.2.105\"\u003ehttps://github.com/fish-shop/indent-check/compare/v2.2.104...v2.2.105\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/indent-check/commit/db90fa808dfeb434620e553dec75ba0967a557e8\"\u003e\u003ccode\u003edb90fa8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/indent-check/issues/282\"\u003e#282\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/indent-check/commit/5117c891662d527bf445f5e7c2f87b8f16aaa543\"\u003e\u003ccode\u003e5117c89\u003c/code\u003e\u003c/a\u003e Bump the version-updates group across 1 directory with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/fish-shop/indent-check/commit/9d96b57c7d28b7a1a4d63a041d512040f7bb6e04\"\u003e\u003ccode\u003e9d96b57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/indent-check/issues/279\"\u003e#279\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/indent-check/commit/e73bb742870dc1d649b43aed4849b973ec4aaf74\"\u003e\u003ccode\u003ee73bb74\u003c/code\u003e\u003c/a\u003e Bump the version-updates group across 1 directory with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/indent-check/commit/de84b3764f9f8ef7bfa3aebf5e31dfd6f22df047\"\u003e\u003ccode\u003ede84b37\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/indent-check/issues/276\"\u003e#276\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/indent-check/commit/62ce8500932bec4b9ea34029a93cc3400d109973\"\u003e\u003ccode\u003e62ce850\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 7 updates\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fish-shop/indent-check/compare/40900dadd983f5747a6e5fc4d80f9e3d5ce64c6e...db90fa808dfeb434620e553dec75ba0967a557e8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fish-shop/syntax-check` from 2.2.102 to 2.2.105\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fish-shop/syntax-check/releases\"\u003efish-shop/syntax-check's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.105\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the 
version-updates group with 7 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/syntax-check/pull/368\"\u003efish-shop/syntax-check#368\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/syntax-check/compare/v2.2.104...v2.2.105\"\u003ehttps://github.com/fish-shop/syntax-check/compare/v2.2.104...v2.2.105\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.104\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 7 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/syntax-check/pull/366\"\u003efish-shop/syntax-check#366\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/syntax-check/compare/v2.2.103...v2.2.104\"\u003ehttps://github.com/fish-shop/syntax-check/compare/v2.2.103...v2.2.104\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.103\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 7 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/syntax-check/pull/364\"\u003efish-shop/syntax-check#364\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/fish-shop/syntax-check/compare/v2.2.102...v2.2.103\"\u003ehttps://github.com/fish-shop/syntax-check/compare/v2.2.102...v2.2.103\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/syntax-check/commit/f74533521a177bc1047ea185e97dce5e89a643bd\"\u003e\u003ccode\u003ef745335\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/syntax-check/issues/368\"\u003e#368\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/syntax-check/commit/4be0ed9df37f2fef999664f42a0048d88022a341\"\u003e\u003ccode\u003e4be0ed9\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 7 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/syntax-check/commit/7f201010edb63d676371cae9f5307a9cfdb84959\"\u003e\u003ccode\u003e7f20101\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/syntax-check/issues/366\"\u003e#366\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/syntax-check/commit/bd04b2f16e4fedd78bc011e8dc4e06f6695da302\"\u003e\u003ccode\u003ebd04b2f\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 7 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/syntax-check/commit/1f0feb78ecd110df86efeeff0adcfdda177ea29d\"\u003e\u003ccode\u003e1f0feb7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/syntax-check/issues/364\"\u003e#364\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/fish-shop/syntax-check/commit/32997025757f71a60459a6a5c0eeb871a48e4faf\"\u003e\u003ccode\u003e3299702\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 7 updates\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fish-shop/syntax-check/compare/7566d3ae834a316caf3adc590743ef5d90416c0a...f74533521a177bc1047ea185e97dce5e89a643bd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fish-shop/install-plugin` from 2.3.106 to 2.3.109\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fish-shop/install-plugin/releases\"\u003efish-shop/install-plugin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.109\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group across 1 directory with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/install-plugin/pull/406\"\u003efish-shop/install-plugin#406\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/install-plugin/compare/v2.3.108...v2.3.109\"\u003ehttps://github.com/fish-shop/install-plugin/compare/v2.3.108...v2.3.109\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.108\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/fish-shop/install-plugin/pull/403\"\u003efish-shop/install-plugin#403\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/install-plugin/compare/v2.3.107...v2.3.108\"\u003ehttps://github.com/fish-shop/install-plugin/compare/v2.3.107...v2.3.108\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.107\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/install-plugin/pull/401\"\u003efish-shop/install-plugin#401\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/install-plugin/compare/v2.3.106...v2.3.107\"\u003ehttps://github.com/fish-shop/install-plugin/compare/v2.3.106...v2.3.107\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-plugin/commit/806063062927836938c02961c86c4aef0c760f3d\"\u003e\u003ccode\u003e8060630\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/install-plugin/issues/406\"\u003e#406\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-plugin/commit/d75e42eb078e5d520678e5443c7b24c308758d79\"\u003e\u003ccode\u003ed75e42e\u003c/code\u003e\u003c/a\u003e Bump the version-updates group across 1 directory with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/fish-shop/install-plugin/commit/5c794185a83e048dd1d74684fecf8ce200a29a3f\"\u003e\u003ccode\u003e5c79418\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/install-plugin/issues/403\"\u003e#403\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-plugin/commit/b7cc81b52ac8461d508e957427f935162f218790\"\u003e\u003ccode\u003eb7cc81b\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-plugin/commit/9c9cb0c0cb18c67f701769267cea6c81e820affe\"\u003e\u003ccode\u003e9c9cb0c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/install-plugin/issues/401\"\u003e#401\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/install-plugin/commit/199d11f0f49e61e1cc6589cd9bcb5d912e6eeeb4\"\u003e\u003ccode\u003e199d11f\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 8 updates\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fish-shop/install-plugin/compare/54ee6568771da6525643d7f97d371a1b117a0aff...806063062927836938c02961c86c4aef0c760f3d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fish-shop/run-fishtape-tests` from 2.3.106 to 2.3.109\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/releases\"\u003efish-shop/run-fishtape-tests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.109\u003c/h2\u003e\n\u003ch2\u003eWhat's 
Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/run-fishtape-tests/pull/393\"\u003efish-shop/run-fishtape-tests#393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/compare/v2.3.108...v2.3.109\"\u003ehttps://github.com/fish-shop/run-fishtape-tests/compare/v2.3.108...v2.3.109\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.108\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/run-fishtape-tests/pull/391\"\u003efish-shop/run-fishtape-tests#391\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/compare/v2.3.107...v2.3.108\"\u003ehttps://github.com/fish-shop/run-fishtape-tests/compare/v2.3.107...v2.3.108\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.107\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the version-updates group with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fish-shop/run-fishtape-tests/pull/389\"\u003efish-shop/run-fishtape-tests#389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/fish-shop/run-fishtape-tests/compare/v2.3.106...v2.3.107\"\u003ehttps://github.com/fish-shop/run-fishtape-tests/compare/v2.3.106...v2.3.107\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/commit/c23b1de96c5ad65f8601d4030f8d2b2200e23a5d\"\u003e\u003ccode\u003ec23b1de\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/run-fishtape-tests/issues/393\"\u003e#393\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/commit/5a5f7319fa769dde2e1cda2096272192fbf646da\"\u003e\u003ccode\u003e5a5f731\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/commit/1cd6303541c19d718f018a24a5e3556066d724c2\"\u003e\u003ccode\u003e1cd6303\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/run-fishtape-tests/issues/391\"\u003e#391\u003c/a\u003e from fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/commit/4cce70e945c12b1e07e7d1dca88104bae860e9ec\"\u003e\u003ccode\u003e4cce70e\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/commit/ec22fd53fe78bebf76d10f107a96789c08dcdda8\"\u003e\u003ccode\u003eec22fd5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fish-shop/run-fishtape-tests/issues/389\"\u003e#389\u003c/a\u003e from 
fish-shop/dependabot/github_actions/version-upda...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/commit/7f5d343d678674fe4557d216291b3bc3f596535a\"\u003e\u003ccode\u003e7f5d343\u003c/code\u003e\u003c/a\u003e Bump the version-updates group with 8 updates\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fish-shop/run-fishtape-tests/compare/b8a56010ff103dd7ebe8e068bae0a7e70c1c3ad8...c23b1de96c5ad65f8601d4030f8d2b2200e23a5d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zizmorcore/zizmor-action/releases\"\u003ezizmorcore/zizmor-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e1.25.2 is now available via the action\u003c/li\u003e\n\u003cli\u003e1.25.2 is now the default version of zizmor used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.5\u003c/h2\u003e\n\u003cp\u003eThis is a no-op release.\u003c/p\u003e\n\u003ch2\u003ev0.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e1.25.0 is now available via the action\u003c/li\u003e\n\u003cli\u003e1.25.0 is now the default version of zizmor used by the action\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5f14fd08f7cf1cb1609c1e344975f152c7ee938d\"\u003e\u003ccode\u003e5f14fd0\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/114\"\u003e#114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/zizmorcore/zizmor-action/commit/a16621b09c6db4281f81a93cb393b05dcd7b7165\"\u003e\u003ccode\u003ea16621b\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/112\"\u003e#112\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/1c03e047a3633631b1e5648c48243045b1de0d25\"\u003e\u003ccode\u003e1c03e04\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in the github-ac...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/b572f7b1a1c2d41efaab43d504f68d215c3cd727\"\u003e\u003ccode\u003eb572f7b\u003c/code\u003e\u003c/a\u003e Sync zizmor versions (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/06928c5dcba418c7d6108a4bd6e2d34cbf3c9377\"\u003e\u003ccode\u003e06928c5\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action in the github-actions group (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/109\"\u003e#109\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/5ea8b96e1078453e04a1b81443890d9e7da5ddf3\"\u003e\u003ccode\u003e5ea8b96\u003c/code\u003e\u003c/a\u003e docs: Update link to GitHub docs (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/108\"\u003e#108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/849ac260951adeb7c02481da6c7e749b39f4ea6d\"\u003e\u003ccode\u003e849ac26\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca 
href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/106\"\u003e#106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/zizmorcore/zizmor-action/commit/814f9778aceea8641503a8cd8f0cffebc55d790c\"\u003e\u003ccode\u003e814f977\u003c/code\u003e\u003c/a\u003e Bump pins in README (\u003ca href=\"https://redirect.github.com/zizmorcore/zizmor-action/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/zizmorcore/zizmor-action/compare/b1d7e1fb5de872772f31590499237e7cce841e8e...5f14fd08f7cf1cb1609c1e344975f152c7ee938d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore 
\u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/halostatue/fish-chezmoi/pull/68","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/halostatue%2Ffish-chezmoi/issues/68","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/68/packages"}},{"old_version":"2.14.1","new_version":"2.19.4","update_type":"minor","path":null,"pr_created_at":"2026-06-01T03:34:36.000Z","version_change":"2.14.1 → 2.19.4","issue":{"uuid":"4560110618","node_id":"PR_kwDOIOaZzs7hNZdT","number":292,"state":"open","title":"chore(deps): bump the github-actions group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T03:34:36.000Z","updated_at":"2026-06-01T03:34:39.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): 
bump","group_name":"github-actions","update_count":5,"packages":[{"name":"step-security/harden-runner","old_version":"2.14.1","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/setup-node","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-node"},{"name":"changesets/action","old_version":"1.7.0","new_version":"1.8.0","repository_url":"https://github.com/changesets/action"},{"name":"github/codeql-action","old_version":"4.32.4","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.1` | `2.19.4` |\n| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |\n| [changesets/action](https://github.com/changesets/action) | `1.7.0` | `1.8.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.4` | `4.36.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n\n\nUpdates `step-security/harden-runner` from 2.14.1 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull 
Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will 
detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/e3f713f2d8f53843e71c69a996d56f51aa9adfb9...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-node` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-node/releases\"\u003eactions/setup-node's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency updates:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ca 
href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js versions in versions.yml and bump package to v6.4.0  by \u003ca href=\"https://github.com/priya-kinthali\"\u003e\u003ccode\u003e@​priya-kinthali\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1533\"\u003eactions/setup-node#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-node/pull/1525\"\u003eactions/setup-node#1525\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-node/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-node/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003e\u003ccode\u003e48b55a0\u003c/code\u003e\u003c/a\u003e Update Node.js versions in versions.yml and bump package to v6.4.0 (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9\"\u003e\u003ccode\u003eab72c7e\u003c/code\u003e\u003c/a\u003e Upgrade 
\u003ca href=\"https://github.com/actions\"\u003e\u003ccode\u003e@​actions\u003c/code\u003e\u003c/a\u003e dependencies (\u003ca href=\"https://redirect.github.com/actions/setup-node/issues/1525\"\u003e#1525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `changesets/action` from 1.7.0 to 1.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/action/releases\"\u003echangesets/action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/258\"\u003e#258\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d\"\u003e\u003ccode\u003ef5dbf72\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tom-sherman\"\u003e\u003ccode\u003e@​tom-sherman\u003c/code\u003e\u003c/a\u003e! - Support draft version PR modes with a new \u003ccode\u003eprDraft\u003c/code\u003e input. 
Use \u003ccode\u003ecreate\u003c/code\u003e to create new version PRs as drafts, or \u003ccode\u003ealways\u003c/code\u003e to also convert existing version PRs back to draft when updating them.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/502\"\u003e#502\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977\"\u003e\u003ccode\u003e6002dbd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/oshytiko\"\u003e\u003ccode\u003e@​oshytiko\u003c/code\u003e\u003c/a\u003e! - Fixed initial \u003ccode\u003e.changeset\u003c/code\u003e state being picked up, when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/536\"\u003e#536\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2\"\u003e\u003ccode\u003e81b3f61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/radnan\"\u003e\u003ccode\u003e@​radnan\u003c/code\u003e\u003c/a\u003e! 
- Fixed \u003ccode\u003e.changeset\u003c/code\u003e state being picked for the version command when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/changesets/action/blob/main/CHANGELOG.md\"\u003echangesets/action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003e@​changesets/action\u003c/code\u003e\u003c/h1\u003e\n\u003ch2\u003e1.8.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/258\"\u003e#258\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d\"\u003e\u003ccode\u003ef5dbf72\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tom-sherman\"\u003e\u003ccode\u003e@​tom-sherman\u003c/code\u003e\u003c/a\u003e! - Support draft version PR modes with a new \u003ccode\u003eprDraft\u003c/code\u003e input. Use \u003ccode\u003ecreate\u003c/code\u003e to create new version PRs as drafts, or \u003ccode\u003ealways\u003c/code\u003e to also convert existing version PRs back to draft when updating them.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/502\"\u003e#502\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977\"\u003e\u003ccode\u003e6002dbd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/oshytiko\"\u003e\u003ccode\u003e@​oshytiko\u003c/code\u003e\u003c/a\u003e! 
- Fixed initial \u003ccode\u003e.changeset\u003c/code\u003e state being picked up, when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/536\"\u003e#536\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2\"\u003e\u003ccode\u003e81b3f61\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/radnan\"\u003e\u003ccode\u003e@​radnan\u003c/code\u003e\u003c/a\u003e! - Fixed \u003ccode\u003e.changeset\u003c/code\u003e state being picked for the version command when \u003ccode\u003ecwd\u003c/code\u003e parameter is provided\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/564\"\u003e#564\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/935fe876b0054dfc962ac86bcddf028460040d46\"\u003e\u003ccode\u003e935fe87\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Automatically use the GitHub-provided token to allow most users to avoid explicit \u003ccode\u003eGITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\u003c/code\u003e configuration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/545\"\u003e#545\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/54220dd92c06e7da112b139f95d8beb933e4cdde\"\u003e\u003ccode\u003e54220dd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ryanbas21\"\u003e\u003ccode\u003e@​ryanbas21\u003c/code\u003e\u003c/a\u003e! 
- The \u003ccode\u003e.npmrc\u003c/code\u003e generation now intelligently handles both traditional NPM token authentication and trusted publishing scenarios by only appending the auth token when \u003ccode\u003eNPM_TOKEN\u003c/code\u003e is defined. This prevents 'undefined' from being written to the registry configuration when using OIDC tokens from GitHub Actions trusted publishing.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/563\"\u003e#563\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/6af4a7ec080d23ac6b304f69b67fd0aa92e089e7\"\u003e\u003ccode\u003e6af4a7e\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Don't error on already committed symlinks and executables that stay untouched\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.6.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/558\"\u003e#558\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/342005d41242bccd9dd9ae8d3679efce96af48ae\"\u003e\u003ccode\u003e342005d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/harsha-venugopal-ledn\"\u003e\u003ccode\u003e@​harsha-venugopal-ledn\u003c/code\u003e\u003c/a\u003e! 
- Upgrade from Node.js 20 to Node.js 24 LTS\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.5.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/477\"\u003e#477\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/9d933dcd11c284ac49a835db884c3c1008b2b96f\"\u003e\u003ccode\u003e9d933dc\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Updated \u003ccode\u003e@actions/*\u003c/code\u003e and \u003ccode\u003e@octokit/*\u003c/code\u003e dependencies.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/479\"\u003e#479\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/cf373e45c90a0cc564cd2770de3e9a3a4cdd4603\"\u003e\u003ccode\u003ecf373e4\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e! - Switched to \u003ccode\u003eesbuild\u003c/code\u003e for bundling the dist file. This led to 45% file size reduction.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/488\"\u003e#488\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/022692ba027b33bf46d4d41907a317fbf04461a7\"\u003e\u003ccode\u003e022692b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/s0\"\u003e\u003ccode\u003e@​s0\u003c/code\u003e\u003c/a\u003e! - Fix PRs sometimes not getting reopened with \u003ccode\u003ecommitMode: github-api\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eThere was a race-condition that means sometimes existing PRs would not be found,\nand new PRs would be opened. 
This has now been fixed by fetching existing PRs\nbefore making any changes.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/486\"\u003e#486\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/7ed195554624ebd75c08aa477b53110f61cc78f7\"\u003e\u003ccode\u003e7ed1955\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/s0\"\u003e\u003ccode\u003e@​s0\u003c/code\u003e\u003c/a\u003e! - Fixed situations in which \u003ccode\u003ecwd\u003c/code\u003e was specified as a relative path and used with (default) \u003ccode\u003ecommitMode: git-cli\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/changesets/action/pull/461\"\u003e#461\u003c/a\u003e \u003ca href=\"https://github.com/changesets/action/commit/e9c36b696406360bf04204ad32e3dcf3ad752b77\"\u003e\u003ccode\u003ee9c36b6\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/nayounsang\"\u003e\u003ccode\u003e@​nayounsang\u003c/code\u003e\u003c/a\u003e! - Avoid hitting a deprecation warning when encountering errors from \u003ccode\u003e@octokit/request-error\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/63a615b9cd06ba9a3e6d13796c7fbcb080a60a0b\"\u003e\u003ccode\u003e63a615b\u003c/code\u003e\u003c/a\u003e v1.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/84c24326acc93f51d3f24f30a546316c82e2115c\"\u003e\u003ccode\u003e84c2432\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://redirect.github.com/changesets/action/issues/598\"\u003e#598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/f5dbf72f96949cb0daf45152f0f63062df70e97d\"\u003e\u003ccode\u003ef5dbf72\u003c/code\u003e\u003c/a\u003e Add draft mode support (\u003ca href=\"https://redirect.github.com/changesets/action/issues/258\"\u003e#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/91b911142e975cceaa134eecb302493230d68c05\"\u003e\u003ccode\u003e91b9111\u003c/code\u003e\u003c/a\u003e Protect publishes with env gate (\u003ca href=\"https://redirect.github.com/changesets/action/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/d4c53c294341eec8a419ec2d1927138bfdeec234\"\u003e\u003ccode\u003ed4c53c2\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eCODEOWNERS\u003c/code\u003e pattern\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/2ae596f3dd74aaee4f346b31fda33a58528d3d40\"\u003e\u003ccode\u003e2ae596f\u003c/code\u003e\u003c/a\u003e Tweak CI setup (\u003ca href=\"https://redirect.github.com/changesets/action/issues/599\"\u003e#599\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/changesets/action/commit/0784b0ec8fcaa273fc06742c926ee7cfc946a8e7\"\u003e\u003ccode\u003e0784b0e\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eCODEOWNERS\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/81b3f61ebffcb868f73e4c0b2682517149c834a2\"\u003e\u003ccode\u003e81b3f61\u003c/code\u003e\u003c/a\u003e Fixed \u003ccode\u003e.changeset\u003c/code\u003e state being picked for the version command when \u003ccode\u003ecwd\u003c/code\u003e para...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/changesets/action/commit/6002dbd987f49a3c0a134910d9c7bca975b79977\"\u003e\u003ccode\u003e6002dbd\u003c/code\u003e\u003c/a\u003e Fix reading \u003ccode\u003e.changeset\u003c/code\u003e directory from path provided in \u003ccode\u003ecwd\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/changesets/action/issues/502\"\u003e#502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/changesets/action/compare/6a0a831ff30acef54f2c6aa1cbbc1096b066edaf...63a615b9cd06ba9a3e6d13796c7fbcb080a60a0b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.4 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. 
Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to 
codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/89a39a4e59826350b863aa6b6252a07ad50cf83e...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 7.0.0 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from 
actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore 
conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/OpenAlly/npm-packages/pull/292","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenAlly%2Fnpm-packages/issues/292","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/292/packages"}},{"old_version":"2.19.0","new_version":"2.19.4","update_type":"patch","path":null,"pr_created_at":"2026-06-01T02:53:06.000Z","version_change":"2.19.0 → 2.19.4","issue":{"uuid":"4559969753","node_id":"PR_kwDOSOOods7hM8yw","number":27,"state":"closed","title":"Bump the dependencies group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-08T01:30:58.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-01T02:53:06.000Z","updated_at":"2026-06-08T01:30:59.000Z","time_to_close":599872,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dependencies","update_count":10,"packages":[{"name":"step-security/harden-runner","old_version":"2.19.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"fluxcd/flux2","old_version":"2.8.6","new_version":"2.8.8","repository_url":"https://github.com/fluxcd/flux2"},{"name":"step-security/semver-utils","old_version":"4.3.2","new_version":"5.0.0","repository_url":"https://github.com/step-security/semver-utils"},{"name":"step-security/close-milestone","old_version":"2.2.1","new_version":"2.2.2","repository_url":"https://github.com/step-security/close-milestone"},{"name":"sigstore/cosign-installer","old_version":"4.1.1","new_version":"4.1.2","repository_url":"https://github.com/sigstore/cosign-installer"},{"name":"docker/login-action","old_version":"4.1.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"docker/setup-qemu-action","old_version":"4.0.0","new_version":"
4.1.0","repository_url":"https://github.com/docker/setup-qemu-action"},{"name":"docker/setup-buildx-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/build-push-action","old_version":"7.1.0","new_version":"7.2.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"securego/gosec","old_version":"2.25.0","new_version":"2.26.1","repository_url":"https://github.com/securego/gosec"}],"path":null,"ecosystem":"actions"},"body":"Bumps the dependencies group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.0` | `2.19.4` |\n| [fluxcd/flux2](https://github.com/fluxcd/flux2) | `2.8.6` | `2.8.8` |\n| [step-security/semver-utils](https://github.com/step-security/semver-utils) | `4.3.2` | `5.0.0` |\n| [step-security/close-milestone](https://github.com/step-security/close-milestone) | `2.2.1` | `2.2.2` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` |\n| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |\n| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.1.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` |\n| [securego/gosec](https://github.com/securego/gosec) | `2.25.0` | `2.26.1` |\n\n\nUpdates `step-security/harden-runner` from 2.19.0 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca 
href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fluxcd/flux2` from 2.8.6 to 2.8.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fluxcd/flux2/releases\"\u003efluxcd/flux2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.8\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eFlux v2.8.8 is a patch release that includes CVE fixes via go-git v5.19.1 (source-controller, image-automation-controller), reliability fixes in helm-controller and source-controller, the move of Helm back to upstream v4.2.0, support for GCP sovereign cloud artifact registries, and dependency updates. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eℹ️ Please follow the \u003ca href=\"https://github.com/fluxcd/flux2/discussions/5572\"\u003eUpgrade Procedure for Flux v2.7+\u003c/a\u003e for a smooth upgrade from Flux v2.6 to the latest version.\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a configurable HTTP timeout for artifact fetching, preventing fetches that could block indefinitely and stall reconciliations (helm-controller)\u003c/li\u003e\n\u003cli\u003eFix unbounded memory growth caused by a Kubernetes client transport retry wrapper accumulating on every reconcile (helm-controller)\u003c/li\u003e\n\u003cli\u003eStop force-applying non-CRD objects placed under a chart's \u003ccode\u003ecrds/\u003c/code\u003e directory (helm-controller)\u003c/li\u003e\n\u003cli\u003eFix the Helm test action failing to find releases with names longer than 53 characters (helm-controller)\u003c/li\u003e\n\u003cli\u003eImprove path handling in the source 
reconcilers (source-controller)\u003c/li\u003e\n\u003cli\u003eSupport Helm semver build-metadata encoding in OCIRepository tags (source-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate go-git to v5.19.1 which fixes \u003ca href=\"https://github.com/advisories/GHSA-crhj-59gh-8x96\"\u003eCVE-2026-45571\u003c/a\u003e and \u003ca href=\"https://github.com/advisories/GHSA-m7cr-m3pv-hgrp\"\u003eCVE-2026-45570\u003c/a\u003e (source-controller, image-automation-controller)\u003c/li\u003e\n\u003cli\u003eMove Helm back to upstream v4.2.0 (source-controller, helm-controller)\u003c/li\u003e\n\u003cli\u003eAdd support for GCP sovereign cloud artifact registries (source-controller, image-reflector-controller)\u003c/li\u003e\n\u003cli\u003eUpgrade Kubernetes to 1.36.1 (source-controller, helm-controller)\u003c/li\u003e\n\u003cli\u003eUpdate fluxcd/pkg dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eComponents changelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ehelm-controller \u003ca href=\"https://github.com/fluxcd/helm-controller/blob/v1.5.5/CHANGELOG.md\"\u003ev1.5.5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimage-automation-controller \u003ca href=\"https://github.com/fluxcd/image-automation-controller/blob/v1.1.4/CHANGELOG.md\"\u003ev1.1.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eimage-reflector-controller \u003ca href=\"https://github.com/fluxcd/image-reflector-controller/blob/v1.1.2/CHANGELOG.md\"\u003ev1.1.2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esource-controller \u003ca href=\"https://github.com/fluxcd/source-controller/blob/v1.8.5/CHANGELOG.md\"\u003ev1.8.5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate toolkit components by \u003ca href=\"https://github.com/fluxcdbot\"\u003e\u003ccode\u003e@​fluxcdbot\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/fluxcd/flux2/pull/5904\"\u003efluxcd/flux2#5904\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8\"\u003ehttps://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.7\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eFlux v2.8.7 is a patch release that includes a bug fix in kustomize-controller, a CVE fix in source-controller and image-automation-controller via go-git v5.19.0, and dependency updates. Users are encouraged to upgrade for the best experience.\u003c/p\u003e\n\u003cp\u003eℹ️ Please follow the \u003ca href=\"https://github.com/fluxcd/flux2/discussions/5572\"\u003eUpgrade Procedure for Flux v2.7+\u003c/a\u003e for a smooth upgrade from Flux v2.6 to the latest version.\u003c/p\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix management of objects annotated with \u003ccode\u003ekustomize.toolkit.fluxcd.io/ssa: IfNotPresent\u003c/code\u003e where non-namespaced resources were being deleted and recreated on each reconciliation (kustomize-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate go-git to v5.19.0 which fixes \u003ca href=\"https://github.com/advisories/GHSA-389r-gv7p-r3rp\"\u003eCVE-2026-45022\u003c/a\u003e (source-controller, image-automation-controller)\u003c/li\u003e\n\u003cli\u003eUpdate fluxcd/pkg dependencies (source-controller, kustomize-controller, image-automation-controller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eComponents changelog\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/1fd61a06264d71cf445ed55c4f14d401d26a1c64\"\u003e\u003ccode\u003e1fd61a0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5904\"\u003e#5904\u003c/a\u003e from fluxcd/update-components-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/477f048ec0c3c47ce402c5be45cb67b9b2b84386\"\u003e\u003ccode\u003e477f048\u003c/code\u003e\u003c/a\u003e Update toolkit components\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/0acfaa26c6219cb08e3add4432b981436b2a4f49\"\u003e\u003ccode\u003e0acfaa2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5899\"\u003e#5899\u003c/a\u003e from fluxcd/update-pkg-deps/release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/264957f40bef9d139323341e7466548ebba17c27\"\u003e\u003ccode\u003e264957f\u003c/code\u003e\u003c/a\u003e Update fluxcd/pkg dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/54e4ba378e155ada619caafdc599e5c4d759ce5c\"\u003e\u003ccode\u003e54e4ba3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5891\"\u003e#5891\u003c/a\u003e from fluxcd/update-components-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/d2fbb16656555a93adfb5aa0ec7ca145919acacb\"\u003e\u003ccode\u003ed2fbb16\u003c/code\u003e\u003c/a\u003e Update toolkit components\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/66533d7c9027618340b96e7a925cbef4f43f4dfc\"\u003e\u003ccode\u003e66533d7\u003c/code\u003e\u003c/a\u003e Merge pull 
request \u003ca href=\"https://redirect.github.com/fluxcd/flux2/issues/5882\"\u003e#5882\u003c/a\u003e from fluxcd/backport-5881-to-release/v2.8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fluxcd/flux2/commit/7ac36233f338adf90eb7546533f87c23a32d50fc\"\u003e\u003ccode\u003e7ac3623\u003c/code\u003e\u003c/a\u003e include source-watcher in install manifests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/fluxcd/flux2/compare/04acaec6161ac4fb1a82ffafa88901c03271d34f...1fd61a06264d71cf445ed55c4f14d401d26a1c64\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/semver-utils` from 4.3.2 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/semver-utils/releases\"\u003estep-security/semver-utils's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/220\"\u003estep-security/semver-utils#220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/221\"\u003estep-security/semver-utils#221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade packages to fix vulnerabilities by \u003ca href=\"https://github.com/Raj-StepSecurity\"\u003e\u003ccode\u003e@​Raj-StepSecurity\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/semver-utils/pull/222\"\u003estep-security/semver-utils#222\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/223\"\u003estep-security/semver-utils#223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/224\"\u003estep-security/semver-utils#224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Remove guarddog.yml by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/225\"\u003estep-security/semver-utils#225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/227\"\u003estep-security/semver-utils#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Add claude review workflow by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/228\"\u003estep-security/semver-utils#228\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: added banner and update subscription check to make maintained actions free for public repos by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/step-security/semver-utils/pull/226\"\u003estep-security/semver-utils#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/175\"\u003estep-security/semver-utils#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/202\"\u003estep-security/semver-utils#202\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.3 to 4.35.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/218\"\u003estep-security/semver-utils#218\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/dependency-review-action from 4.1.3 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/209\"\u003estep-security/semver-utils#209\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Update auto cherry-pick workflow by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/230\"\u003estep-security/semver-utils#230\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Cherry-picked changes from upstream by \u003ca 
href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/229\"\u003estep-security/semver-utils#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/semver-utils/pull/225\"\u003estep-security/semver-utils#225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/semver-utils/compare/v4...v5.0.0\"\u003ehttps://github.com/step-security/semver-utils/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/5bb182a08240146b23b61cc002cb74004377da4b\"\u003e\u003ccode\u003e5bb182a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/229\"\u003e#229\u003c/a\u003e from step-security/auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/57d3f51f108d62d579217a48d6ea0098e9a183ee\"\u003e\u003ccode\u003e57d3f51\u003c/code\u003e\u003c/a\u003e chore: Bump version in package.json and lock file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/6ac856db625c45a3598e902d3d41ff82e6c6225b\"\u003e\u003ccode\u003e6ac856d\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/semver-utils/commit/b36e30950176cfdc82294700f613aa2bcffe72f0\"\u003e\u003ccode\u003eb36e309\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/230\"\u003e#230\u003c/a\u003e from step-security/fix-auto-cherry-pick\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/385280376f65b1dfeedc496f98d305d0b42ab1a0\"\u003e\u003ccode\u003e3852803\u003c/code\u003e\u003c/a\u003e fix: Update auto cherry-pick workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/dbfcfd87d115b9a32284e1b53930aae83c1820e5\"\u003e\u003ccode\u003edbfcfd8\u003c/code\u003e\u003c/a\u003e chore: Cherry-pick changes from upstream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/ecb04aec3bade353524b29c14ba3579d7c45779c\"\u003e\u003ccode\u003eecb04ae\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/ba69ca4900a31d80c7f4d9556f25e85777cbcaa7\"\u003e\u003ccode\u003eba69ca4\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/semver-utils/commit/6f8e4f9839152d933a82fe6bdf6802d389b120d7\"\u003e\u003ccode\u003e6f8e4f9\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/semver-utils/commit/9e44e9ebb00a2d5a1d8ef8886eb5c2a809949843\"\u003e\u003ccode\u003e9e44e9e\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/step-security/semver-utils/issues/847\"\u003e#847\u003c/a\u003e: Node 24 + some updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/semver-utils/compare/4ae9c1fd6d1c5f8f152fe7e2efe8069a952c2ace...5bb182a08240146b23b61cc002cb74004377da4b\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/close-milestone` from 2.2.1 to 2.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/close-milestone/releases\"\u003estep-security/close-milestone's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/109\"\u003estep-security/close-milestone#109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/125\"\u003estep-security/close-milestone#125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/126\"\u003estep-security/close-milestone#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/127\"\u003estep-security/close-milestone#127\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/128\"\u003estep-security/close-milestone#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/129\"\u003estep-security/close-milestone#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/130\"\u003estep-security/close-milestone#130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/131\"\u003estep-security/close-milestone#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/132\"\u003estep-security/close-milestone#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/133\"\u003estep-security/close-milestone#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/134\"\u003estep-security/close-milestone#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade packages to fix vulnerabilities by \u003ca href=\"https://github.com/Raj-StepSecurity\"\u003e\u003ccode\u003e@​Raj-StepSecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/135\"\u003estep-security/close-milestone#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/136\"\u003estep-security/close-milestone#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/137\"\u003estep-security/close-milestone#137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/step-security/close-milestone/pull/138\"\u003estep-security/close-milestone#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Remove guarddog.yml by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/139\"\u003estep-security/close-milestone#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/141\"\u003estep-security/close-milestone#141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Security updates by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/142\"\u003estep-security/close-milestone#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: create claude_review.yml by \u003ca href=\"https://github.com/amanstep\"\u003e\u003ccode\u003e@​amanstep\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/143\"\u003estep-security/close-milestone#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: added banner and update subscription check to make maintained actions free for public repos by \u003ca href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/140\"\u003estep-security/close-milestone#140\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/anurag-stepsecurity\"\u003e\u003ccode\u003e@​anurag-stepsecurity\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/139\"\u003estep-security/close-milestone#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amanstep\"\u003e\u003ccode\u003e@​amanstep\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/close-milestone/pull/143\"\u003estep-security/close-milestone#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/close-milestone/compare/v2...v2.2.2\"\u003ehttps://github.com/step-security/close-milestone/compare/v2...v2.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/d6e3b63e31f1f869bd3d0403f8cdc1a68f59ab4a\"\u003e\u003ccode\u003ed6e3b63\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/140\"\u003e#140\u003c/a\u003e from step-security/feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/863f964626093731ac2c636fa7dc5ff3d2644274\"\u003e\u003ccode\u003e863f964\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/e1b596a61a6ecc976f5da769dd6d7fa404a0d678\"\u003e\u003ccode\u003ee1b596a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/143\"\u003e#143\u003c/a\u003e from 
step-security/amanstep-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/46baafa0c6c0df51b9d34812be4ae404ccbd2e46\"\u003e\u003ccode\u003e46baafa\u003c/code\u003e\u003c/a\u003e format: fixed formatting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/6bc6bcafec2bf2bebc8ab86081cdd0b8f2630caf\"\u003e\u003ccode\u003e6bc6bca\u003c/code\u003e\u003c/a\u003e ci: create claude_review.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/e988771562706195b18b9441460b11d785b5904d\"\u003e\u003ccode\u003ee988771\u003c/code\u003e\u003c/a\u003e chore: dist updated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/07bcad02d188d4bdc830f6403f27aa3a63d9230e\"\u003e\u003ccode\u003e07bcad0\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into feat/update-subscription-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/bde7f30187b35ad62a306764515a07135f09a465\"\u003e\u003ccode\u003ebde7f30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/142\"\u003e#142\u003c/a\u003e from step-security/npm-audit-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/c147b794f062d8a0fa8066b154701c8dda26b2ca\"\u003e\u003ccode\u003ec147b79\u003c/code\u003e\u003c/a\u003e fix: apply audit fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/close-milestone/commit/5e1530b9f64d08ab27a6804b967af5a24b50792d\"\u003e\u003ccode\u003e5e1530b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/close-milestone/issues/141\"\u003e#141\u003c/a\u003e from step-security/npm-audit-fix\u003c/li\u003e\n\u003cli\u003eAdditional commits 
viewable in \u003ca href=\"https://github.com/step-security/close-milestone/compare/b097272a7aaa0f5c40dc6bc671d45d35c5e85b51...d6e3b63e31f1f869bd3d0403f8cdc1a68f59ab4a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigstore/cosign-installer` from 4.1.1 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign-installer/releases\"\u003esigstore/cosign-installer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.6 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/232\"\u003esigstore/cosign-installer#232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003e\u003ccode\u003e6f9f177\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.6 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/b5e753ae2d39589c7b38850b463739151fc67f07\"\u003e\u003ccode\u003eb5e753a\u003c/code\u003e\u003c/a\u003e Bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/230\"\u003e#230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/115e4ce455e573aa6e9ba51e8d040ddd5c1378af\"\u003e\u003ccode\u003e115e4ce\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.3.0 to 6.4.0 (\u003ca 
href=\"https://redirect.github.com/sigstore/cosign-installer/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 4.1.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca 
href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 
3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-qemu-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-qemu-action/releases\"\u003edocker/setup-qemu-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ereset\u003c/code\u003e input to uninstall current emulators by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/21\"\u003edocker/setup-qemu-action#21\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.91.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/250\"\u003edocker/setup-qemu-action#250\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/247\"\u003edocker/setup-qemu-action#247\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.15 in \u003ca 
href=\"https://redirect.github.com/docker/setup-qemu-action/pull/265\"\u003edocker/setup-qemu-action#265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/286\"\u003edocker/setup-qemu-action#286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/255\"\u003edocker/setup-qemu-action#255\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/257\"\u003edocker/setup-qemu-action#257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.15 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/254\"\u003edocker/setup-qemu-action#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/262\"\u003edocker/setup-qemu-action#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/273\"\u003edocker/setup-qemu-action#273\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/285\"\u003edocker/setup-qemu-action#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/287\"\u003edocker/setup-qemu-action#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tmp from 0.2.5 to 0.2.6 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/291\"\u003edocker/setup-qemu-action#291\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.26.0 in \u003ca 
href=\"https://redirect.github.com/docker/setup-qemu-action/pull/251\"\u003edocker/setup-qemu-action#251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/pull/271\"\u003edocker/setup-qemu-action#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/06116385d9baf250c9f4dcb4858b16962ea869c3\"\u003e\u003ccode\u003e0611638\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/21\"\u003e#21\u003c/a\u003e from crazy-max/uninst\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/ce59c818a5ff16552ddf7407ee7cb00bea682925\"\u003e\u003ccode\u003ece59c81\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/2ddad4401e17fa807e8a3c4bd289ccdd993f0868\"\u003e\u003ccode\u003e2ddad44\u003c/code\u003e\u003c/a\u003e uninstall current emulators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/8c37cd6f3456e1f3f3026250eac496709e9e7e10\"\u003e\u003ccode\u003e8c37cd6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/250\"\u003e#250\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/setup-qemu-action/commit/d1a0ff34af591b8e290e46f3fa114ef5bb81cd1c\"\u003e\u003ccode\u003ed1a0ff3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/0a8f3dc12541cc2c3b19c182a1a2c90a2c8b8d93\"\u003e\u003ccode\u003e0a8f3dc\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.91.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/9430f61a7691bd1bfdc4d6ba70e558659d36fa7a\"\u003e\u003ccode\u003e9430f61\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/291\"\u003e#291\u003c/a\u003e from docker/dependabot/npm_and_yarn/tmp-0.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/978bd7796cb6698377e7af6726b726e5ced642d0\"\u003e\u003ccode\u003e978bd77\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/3479febc62cc0fbcb98c7c7fc0dac778c0d79d6a\"\u003e\u003ccode\u003e3479feb\u003c/code\u003e\u003c/a\u003e build(deps): bump tmp from 0.2.5 to 0.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-qemu-action/commit/b113c264143c28c2974bed61af25be32d32f4782\"\u003e\u003ccode\u003eb113c26\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-qemu-action/issues/255\"\u003e#255\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-qemu-action/compare/ce360397dd3f832beb865e1373c09c0e9f86d70a...06116385d9baf250c9f4dcb4858b16962ea869c3\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 4.0.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/489\"\u003edocker/setup-buildx-action#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/547\"\u003edocker/setup-buildx-action#547\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/508\"\u003edocker/setup-buildx-action#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/540\"\u003edocker/setup-buildx-action#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/496\"\u003edocker/setup-buildx-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/499\"\u003edocker/setup-buildx-action#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 13.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/495\"\u003edocker/setup-buildx-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca 
href=\"https://redirect.github.com/docker/setup-buildx-action/pull/504\"\u003edocker/setup-buildx-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/523\"\u003edocker/setup-buildx-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/503\"\u003edocker/setup-buildx-action#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/537\"\u003edocker/setup-buildx-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/545\"\u003edocker/setup-buildx-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/492\"\u003edocker/setup-buildx-action#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/520\"\u003edocker/setup-buildx-action#520\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003e\u003ccode\u003ed7f5e7f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/docker/setup-buildx-action/issues/489\"\u003e#489\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/92bc5c9777806d0a73d9d668ba2114fa1177f164\"\u003e\u003ccode\u003e92bc5c9\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/da11e35abee0f20cb4f1c1b7c461d37c29be52f5\"\u003e\u003ccode\u003eda11e35\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/f021e162ef95b6fba51af1c6674f537f25bce851\"\u003e\u003ccode\u003ef021e16\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/492\"\u003e#492\u003c/a\u003e from docker/dependabot/npm_and_yarn/undici-6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b5af94fab700aee0c64d6077e0e34ae987815b67\"\u003e\u003ccode\u003eb5af94f\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/16ad9776a801d0c47f0a05f007b88a3789aa8ab6\"\u003e\u003ccode\u003e16ad977\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 6.23.0 to 6.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7a12d7df895b33bd02a9b4bf62a12f2b9a24458\"\u003e\u003ccode\u003ed7a12d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/495\"\u003e#495\u003c/a\u003e from docker/dependabot/npm_and_yarn/glob-10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/setup-buildx-action/commit/28ff27de4eed7518d361591f2cd1dfb69c34a7cb\"\u003e\u003ccode\u003e28ff27d\u003c/code\u003e\u003c/a\u003e build(deps): bump glob from 10.3.12 to 13.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/daf436b50e13d9053b9730cbc16516891878b019\"\u003e\u003ccode\u003edaf436b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/496\"\u003e#496\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/9725348367859764880f2f2e688a6b0c353e3f35\"\u003e\u003ccode\u003e9725348\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 7.1.0 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca 
href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003e\u003ccode\u003ef9f3042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1517\"\u003e#1517\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-t...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/docker/build-push-action/commit/812d5fd9212a4c5d419e5be02fd8e9bb435c5d76\"\u003e\u003ccode\u003e812d5fd\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/b6f66930769f2917a3275dc4d81f15583ac7e105\"\u003e\u003ccode\u003eb6f6693\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/c1c626eced73a500ec65c4256c620b3b9e8278c0\"\u003e\u003ccode\u003ec1c626e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1525\"\u003e#1525\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/51bb284cd4d05650aa6f5e4e22cb96d2cbfe62b7\"\u003e\u003ccode\u003e51bb284\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/5f7884def8f133e8ef40c53d003d1471c05621c6\"\u003e\u003ccode\u003e5f7884d\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/e01deff7d956c756a20f3e19ff7ddc0e4a50fc1d\"\u003e\u003ccode\u003ee01deff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1521\"\u003e#1521\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/3804d497934b39bd591ee9d1c6c9e593b4488a67\"\u003e\u003ccode\u003e3804d49\u003c/code\u003e\u003c/a\u003e chore: update generated 
content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/71e8947aac5dad23ce83a43e9c98f750e02de2f3\"\u003e\u003ccode\u003e71e8947\u003c/code\u003e\u003c/a\u003e chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/4925ad24cdbc42ff492d76cf9fe7a30b79976b60\"\u003e\u003ccode\u003e4925ad2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1526\"\u003e#1526\u003c/a\u003e from docker/dependabot/npm_and_yarn/postcss-8.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/build-push-action/compare/bcafcacb16a39f128d818304e6c9c0c18556b85f...f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `securego/gosec` from 2.25.0 to 2.26.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/securego/gosec/releases\"\u003esecurego/gosec's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.26.1\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4a3bd8af174872c778439083ded7adbf3747e770 Update cosign to v3.0.6 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/4a3bd8af174872c778439083ded7adbf3747e770\"\u003e\u003ccode\u003e4a3bd8a\u003c/code\u003e\u003c/a\u003e Update cosign to v3.0.6 (\u003ca 
href=\"https://redirect.github.com/securego/gosec/issues/1659\"\u003e#1659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/553d8a50502028375f270b69e959dc11c7952608\"\u003e\u003ccode\u003e553d8a5\u003c/code\u003e\u003c/a\u003e Sync taint rule docs and add missing CWE mappings for G113/G307 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1658\"\u003e#1658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/bf0ccd3df8261d964761107a6a95e6ea1c3827d4\"\u003e\u003ccode\u003ebf0ccd3\u003c/code\u003e\u003c/a\u003e Update all dependencies (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1657\"\u003e#1657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/4ead098510926e1015958a36dc966bfcb7f6ee11\"\u003e\u003ccode\u003e4ead098\u003c/code\u003e\u003c/a\u003e Add G710 rule for open redirect via taint analysis (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1654\"\u003e#1654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/8ff985fe09b4ab91eeee620dbe4b1040d3455ce9\"\u003e\u003ccode\u003e8ff985f\u003c/code\u003e\u003c/a\u003e Fix formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/a1aad0cd00df35c86209a9e6061111dacbd9907d\"\u003e\u003ccode\u003ea1aad0c\u003c/code\u003e\u003c/a\u003e Update the default models use by autofix and phase out the older models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/74bdf7f88000ef7e94c313aa2e7ee940d8441cd3\"\u003e\u003ccode\u003e74bdf7f\u003c/code\u003e\u003c/a\u003e Format and clean-up the README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/74dc9893d6580d70cffff6af97c326a839e39ac0\"\u003e\u003ccode\u003e74dc989\u003c/code\u003e\u003c/a\u003e Add HTTP file-serving function 
to the skins of pathtraversal analyzer (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1647\"\u003e#1647\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/70201119fe26d60395006dbb0f5baa9837c5e37d\"\u003e\u003ccode\u003e7020111\u003c/code\u003e\u003c/a\u003e Skip flaging the TLS min version for go 1.18+ (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1646\"\u003e#1646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/securego/gosec/commit/d5869fccbc7e2b7b091d78c3fd359f9977aa0341\"\u003e\u003ccode\u003ed5869fc\u003c/code\u003e\u003c/a\u003e chore(deps): bump go.opentelemetry.io/otel from 1.39.0 to 1.41.0 (\u003ca href=\"https://redirect.github.com/securego/gosec/issues/1645\"\u003e#1645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/securego/gosec/compare/223e19b8856e00f02cc67804499a83f77e208f3c...4a3bd8af174872c778439083ded7adbf3747e770\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore 
conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/oyakh1/hiero-mirror-node--006/pull/27","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/oyakh1%2Fhiero-mirror-node--006/issues/27","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27/packages"}},{"old_version":"2.4.0","new_version":"2.19.4","update_type":"minor","path":null,"pr_created_at":"2026-05-31T18:20:46.000Z","version_change":"2.4.0 → 2.19.4","issue":{"uuid":"4558532808","node_id":"PR_kwDOStM2n87hIk5A","number":4,"state":"open","title":"github-actions(deps): bump step-security/harden-runner from 2.4.0 to 2.19.4","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T18:20:46.000Z","updated_at":"2026-05-31T18:22:00.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"github-actions(deps)","packages":[{"name":"step-security/harden-runner","old_version":"2.4.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.4.0 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect 
\u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/step-security/harden-runner/compare/128a63446a954579617e875aaab7d2978154e969...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner\u0026package-manager=github_actions\u0026previous-version=2.4.0\u0026new-version=2.19.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/SolidWorx/SolidShift/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SolidWorx%2FSolidShift/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"2.19.0","new_version":"2.19.4","update_type":"patch","path":null,"pr_created_at":"2026-05-30T01:01:56.000Z","version_change":"2.19.0 → 2.19.4","issue":{"uuid":"4552609009","node_id":"PR_kwDOSe3Vr87g2yS6","number":3,"state":"open","title":"chore(deps): bump the github-actions group across 1 directory with 15 
updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T01:01:56.000Z","updated_at":"2026-05-30T01:01:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":15,"packages":[{"name":"actions/checkout","old_version":"3.1.0","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"step-security/harden-runner","old_version":"2.19.0","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"},{"name":"golangci/golangci-lint-action","old_version":"9.2.0","new_version":"9.2.1","repository_url":"https://github.com/golangci/golangci-lint-action"},{"name":"codecov/codecov-action","old_version":"6.0.0","new_version":"6.0.1","repository_url":"https://github.com/codecov/codecov-action"},{"name":"github/codeql-action","old_version":"2.1.36","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/dependency-review-action","old_version":"4.9.0","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"goreleaser/goreleaser-action","old_version":"7.2.1","new_version":"7.2.2","repository_url":"https://github.com/goreleaser/goreleaser-action"},{"name":"actions/labeler","old_version":"6.0.1","new_version":"6.1.0","repository_url":"https://github.com/actions/labeler"},{"name":"google/osv-scanner-action","old_version":"2.3.5","new_version":"2.3.8","repository_url":"https://github.com/google/osv-scanner-action"},{"name":"release-drafter/release-drafter","old_version":"7.2.1","new_version":"7.3.1","repository_url":"https://github.com/release-drafter/release-drafter"},{"name":"sigstore/cosign-installer","old_version":"4.1.1","new_version":"4.1.2","repository_url":"https://github.c
om/sigstore/cosign-installer"},{"name":"docker/setup-qemu-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-qemu-action"},{"name":"docker/setup-buildx-action","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/login-action","old_version":"4.1.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"crate-ci/typos","old_version":"1.45.2","new_version":"1.47.0","repository_url":"https://github.com/crate-ci/typos"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `3.1.0` | `6.0.2` |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.0` | `2.19.4` |\n| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `9.2.0` | `9.2.1` |\n| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6.0.0` | `6.0.1` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `2.1.36` | `4.36.0` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` |\n| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `7.2.1` | `7.2.2` |\n| [actions/labeler](https://github.com/actions/labeler) | `6.0.1` | `6.1.0` |\n| [google/osv-scanner-action](https://github.com/google/osv-scanner-action) | `2.3.5` | `2.3.8` |\n| [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `7.2.1` | `7.3.1` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` |\n| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.1.0` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | 
`4.0.0` | `4.1.0` |\n| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |\n| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.45.2` | `1.47.0` |\n\n\nUpdates `actions/checkout` from 3.1.0 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials 
includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist 
creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca 
href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca 
href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v3.1.0...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `step-security/harden-runner` from 2.19.0 to 2.19.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault to audit mode when api-key missing with use-policy-store by \u003ca href=\"https://github.com/varunsh-coder\"\u003e\u003ccode\u003e@​varunsh-coder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/665\"\u003estep-security/harden-runner#665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.2...v2.19.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.1...v2.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca 
href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. 
This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/ab7a9404c0f3da075243ca237b5fac12c98deaa5\"\u003e\u003ccode\u003eab7a940\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/665\"\u003e#665\u003c/a\u003e from step-security/fix/use-policy-store-default-audit\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/step-security/harden-runner/commit/ec41b783c27ed7f0db6855a6d9970abd4572858c\"\u003e\u003ccode\u003eec41b78\u003c/code\u003e\u003c/a\u003e Default to audit mode when api-key missing with use-policy-store\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9ca718d3bf646d6534007c269a635b3e54cadf99\"\u003e\u003ccode\u003e9ca718d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/664\"\u003e#664\u003c/a\u003e from step-security/update-agent-v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/1dee3df8d29f4225c582eee2ddb6053ca616c0df\"\u003e\u003ccode\u003e1dee3df\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golangci/golangci-lint-action` from 9.2.0 to 9.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golangci/golangci-lint-action/releases\"\u003egolangci/golangci-lint-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eIMPORTANT: this is the first immutable release.\u003c/p\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: improve workflows by \u003ca href=\"https://github.com/ldez\"\u003e\u003ccode\u003e@​ldez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1394\"\u003egolangci/golangci-lint-action#1394\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1325\"\u003egolangci/golangci-lint-action#1325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1326\"\u003egolangci/golangci-lint-action#1326\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the dependencies group with 4 updates by 
\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1327\"\u003egolangci/golangci-lint-action#1327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1328\"\u003egolangci/golangci-lint-action#1328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.0.2 to 25.0.3 in the dependencies group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1329\"\u003egolangci/golangci-lint-action#1329\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1330\"\u003egolangci/golangci-lint-action#1330\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1332\"\u003egolangci/golangci-lint-action#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1333\"\u003egolangci/golangci-lint-action#1333\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the dependencies group with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1334\"\u003egolangci/golangci-lint-action#1334\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1335\"\u003egolangci/golangci-lint-action#1335\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1336\"\u003egolangci/golangci-lint-action#1336\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1337\"\u003egolangci/golangci-lint-action#1337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.0.9 to 25.0.10 in the dependencies group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1338\"\u003egolangci/golangci-lint-action#1338\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump 
fast-xml-parser from 5.3.3 to 5.3.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1339\"\u003egolangci/golangci-lint-action#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1340\"\u003egolangci/golangci-lint-action#1340\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1344\"\u003egolangci/golangci-lint-action#1344\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fast-xml-parser from 5.3.4 to 5.3.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1346\"\u003egolangci/golangci-lint-action#1346\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump minimatch by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1348\"\u003egolangci/golangci-lint-action#1348\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump minimatch from 3.1.3 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1350\"\u003egolangci/golangci-lint-action#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fast-xml-parser from 5.3.6 to 5.4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1351\"\u003egolangci/golangci-lint-action#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fast-xml-parser from 5.4.1 to 5.5.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1357\"\u003egolangci/golangci-lint-action#1357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fast-xml-parser from 5.5.6 to 5.5.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1358\"\u003egolangci/golangci-lint-action#1358\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump flatted from 3.3.3 to 3.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1359\"\u003egolangci/golangci-lint-action#1359\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1364\"\u003egolangci/golangci-lint-action#1364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump yaml from 2.8.2 to 2.8.3 by \u003ca 
href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1365\"\u003egolangci/golangci-lint-action#1365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump brace-expansion by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1370\"\u003egolangci/golangci-lint-action#1370\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump the dev-dependencies group across 1 directory with 7 updates by \u003ca href=\"https://github.com/ldez\"\u003e\u003ccode\u003e@​ldez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1374\"\u003egolangci/golangci-lint-action#1374\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 4 to 4.35.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1384\"\u003egolangci/golangci-lint-action#1384\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1386\"\u003egolangci/golangci-lint-action#1386\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 4.35.2 to 4.35.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca 
href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1389\"\u003egolangci/golangci-lint-action#1389\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 4.35.3 to 4.35.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/pull/1391\"\u003egolangci/golangci-lint-action#1391\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golangci/golangci-lint-action/compare/v9.2.0...v9.2.1\"\u003ehttps://github.com/golangci/golangci-lint-action/compare/v9.2.0...v9.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/82606bf257cbaff209d206a39f5134f0cfbfd2ee\"\u003e\u003ccode\u003e82606bf\u003c/code\u003e\u003c/a\u003e chore: prepare release v9.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/97c8387e660fa3be78f698fb592523e1f906a02c\"\u003e\u003ccode\u003e97c8387\u003c/code\u003e\u003c/a\u003e chore: improve workflows (\u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/issues/1394\"\u003e#1394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/28d0a191bb76f633872d1f12600dd9900ac73840\"\u003e\u003ccode\u003e28d0a19\u003c/code\u003e\u003c/a\u003e build(deps): bump the dependencies group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/633fbc7d54a1fe7d54f72fb83194a7d442beb929\"\u003e\u003ccode\u003e633fbc7\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 
4.35.3 to 4.35.4 (\u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/issues/1391\"\u003e#1391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/59f43e26c902dadac745307f8cf2537da50ad344\"\u003e\u003ccode\u003e59f43e2\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (\u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/issues/1389\"\u003e#1389\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/9eb174e04acac69b4b7f6602f9a5cc384ba59b45\"\u003e\u003ccode\u003e9eb174e\u003c/code\u003e\u003c/a\u003e build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (\u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/issues/1386\"\u003e#1386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/4f52504dfb47d09a983372e869f643e9e0d4014b\"\u003e\u003ccode\u003e4f52504\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 4 to 4.35.2 (\u003ca href=\"https://redirect.github.com/golangci/golangci-lint-action/issues/1384\"\u003e#1384\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/6f87dfdbd16618b59a5d86104adea6216152a47c\"\u003e\u003ccode\u003e6f87dfd\u003c/code\u003e\u003c/a\u003e docs: update examples\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/c9500d7aa7797b3e999034a3e6a0b9a4f18e8708\"\u003e\u003ccode\u003ec9500d7\u003c/code\u003e\u003c/a\u003e chore: improve workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golangci/golangci-lint-action/commit/03b1faa37ed78712fa70fc44b56fa553f0d7a6bc\"\u003e\u003ccode\u003e03b1faa\u003c/code\u003e\u003c/a\u003e chore: improve issue templates\u003c/li\u003e\n\u003cli\u003eAdditional commits 
viewable in \u003ca href=\"https://github.com/golangci/golangci-lint-action/compare/1e7e51e771db61008b38414a730f564565cf7c20...82606bf257cbaff209d206a39f5134f0cfbfd2ee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `codecov/codecov-action` from 6.0.0 to 6.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/releases\"\u003ecodecov/codecov-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent template injection in run: steps (VULN-1652) by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1947\"\u003ecodecov/codecov-action#1947\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): 6.0.1 by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1949\"\u003ecodecov/codecov-action#1949\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v6.0.0...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md\"\u003ecodecov/codecov-action's 
changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.2\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.1\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: overwrite pr number on fork by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1871\"\u003ecodecov/codecov-action#1871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1868\"\u003ecodecov/codecov-action#1868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1867\"\u003ecodecov/codecov-action#1867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update to use local app/ dir by \u003ca href=\"https://github.com/thomasrockhu-codecov\"\u003e\u003ccode\u003e@​thomasrockhu-codecov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1872\"\u003ecodecov/codecov-action#1872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in README by \u003ca href=\"https://github.com/datalater\"\u003e\u003ccode\u003e@​datalater\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/codecov/codecov-action/pull/1866\"\u003ecodecov/codecov-action#1866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument a \u003ccode\u003ecodecov-cli\u003c/code\u003e version reference example by \u003ca href=\"https://github.com/webknjaz\"\u003e\u003ccode\u003e@​webknjaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1774\"\u003ecodecov/codecov-action#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1861\"\u003ecodecov/codecov-action#1861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1833\"\u003ecodecov/codecov-action#1833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: upgrade wrapper to 0.2.4 by \u003ca href=\"https://github.com/jviall\"\u003e\u003ccode\u003e@​jviall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1864\"\u003ecodecov/codecov-action#1864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/github-script by Git SHA by \u003ca href=\"https://github.com/martincostello\"\u003e\u003ccode\u003e@​martincostello\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/codecov/codecov-action/pull/1859\"\u003ecodecov/codecov-action#1859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: check reqs exist by \u003ca href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1835\"\u003ecodecov/codecov-action#1835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Typo in README by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1838\"\u003ecodecov/codecov-action#1838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Refine OIDC docs by \u003ca href=\"https://github.com/spalmurray\"\u003e\u003ccode\u003e@​spalmurray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1837\"\u003ecodecov/codecov-action#1837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1829\"\u003ecodecov/codecov-action#1829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.3\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by \u003ccode\u003e@​app/dependabot\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1822\"\u003ecodecov/codecov-action#1822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: OIDC on forks by \u003ca 
href=\"https://github.com/joseph-sentry\"\u003e\u003ccode\u003e@​joseph-sentry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/codecov/codecov-action/pull/1823\"\u003ecodecov/codecov-action#1823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\"\u003ehttps://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.4.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/e79a6962e0d4c0c17b229090214935d2e33f8354\"\u003e\u003ccode\u003ee79a696\u003c/code\u003e\u003c/a\u003e chore(release): 6.0.1 (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1949\"\u003e#1949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/codecov/codecov-action/commit/51e64229ac331acb0d7f7b17c67423995f991c79\"\u003e\u003ccode\u003e51e6422\u003c/code\u003e\u003c/a\u003e fix: prevent template injection in run: steps (VULN-1652) (\u003ca href=\"https://redirect.github.com/codecov/codecov-action/issues/1947\"\u003e#1947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/codecov/codecov-action/compare/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2...e79a6962e0d4c0c17b229090214935d2e33f8354\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 2.1.36 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. 
\u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. 
Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from 
github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional 
commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v2.1.36...v4.36.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4.9.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/actions/dependency-review-action/issues/1077\"\u003e#1077\u003c/a\u003e from Marukome0743/docs/checkout\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/dependency-review-action/compare/2031cfc080254a8a887f58cffee85186f0e49e48...a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `goreleaser/goreleaser-action` from 7.2.1 to 7.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/goreleaser/goreleaser-action/releases\"\u003egoreleaser/goreleaser-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci(deps): bump the actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/560\"\u003egoreleaser/goreleaser-action#560\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: nightly resolution to select newest published release by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/562\"\u003egoreleaser/goreleaser-action#562\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/562\"\u003egoreleaser/goreleaser-action#562\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/v7...v7.2.2\"\u003ehttps://github.com/goreleaser/goreleaser-action/compare/v7...v7.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89\"\u003e\u003ccode\u003e5daf1e9\u003c/code\u003e\u003c/a\u003e fix: nightly resolution to select newest published release (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/562\"\u003e#562\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/5cc7ebb73d78b8f1d7b03c568e7df999c2889ccf\"\u003e\u003ccode\u003e5cc7ebb\u003c/code\u003e\u003c/a\u003e ci: update actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/702f5f91c9334614254ddeabeebaf820d707f0d6\"\u003e\u003ccode\u003e702f5f9\u003c/code\u003e\u003c/a\u003e ci(deps): bump the actions group with 3 updates (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/560\"\u003e#560\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/1a80836c5c9d9e5755a25cb59ec6f45a3b5f41a8...5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/labeler` from 6.0.1 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/actions/labeler/releases\"\u003eactions/labeler's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.0\u003c/h2\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd changed-files-labels-limit and max-files-changed configuration options to cap the number of labels added by \u003ca href=\"https://github.com/bluca\"\u003e\u003ccode\u003e@​bluca\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/923\"\u003eactions/labeler#923\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove Labeler Action documentation and permission error handling by \u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/897\"\u003eactions/labeler#897\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePreserve manually added labels during workflow runs and refine label synchronization logic by \u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/917\"\u003eactions/labeler#917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependency Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade brace-expansion from 1.1.11 to 1.1.12 and document breaking changes in v6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/877\"\u003eactions/labeler#877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade minimatch from 10.0.1 to 10.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/actions/labeler/pull/926\"\u003eactions/labeler#926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade dependencies (\u003ccode\u003e@​actions/core\u003c/code\u003e, \u003ccode\u003e@​actions/github\u003c/code\u003e, js-yaml, minimatch, \u003ca href=\"https://github.com/typescript-eslint\"\u003e\u003ccode\u003e@​typescript-eslint\u003c/code\u003e\u003c/a\u003e) by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/934\"\u003eactions/labeler#934\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chiranjib-swain\"\u003e\u003ccode\u003e@​chiranjib-swain\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/897\"\u003eactions/labeler#897\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bluca\"\u003e\u003ccode\u003e@​bluca\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/923\"\u003eactions/labeler#923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/labeler/pull/934\"\u003eactions/labeler#934\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/labeler/compare/v6...v6.1.0\"\u003ehttps://github.com/actions/labeler/compare/v6...v6.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/actions/labeler/commit/f27b608878404679385c85cfa523b85ccb86e213\"\u003e\u003ccode\u003ef27b608\u003c/code\u003e\u003c/a\u003e chore: upgrade dependencies (\u003ccode\u003e@​actions/core\u003c/code\u003e, \u003ccode\u003e@​actions/github\u003c/code\u003e, js-yaml, minimat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/labeler/commit/c5dadc2a45784a4b6adfcd20fea3465da3a5f904\"\u003e\u003ccode\u003ec5dadc2\u003c/code\u003e\u003c/a\u003e Add 'changed-files-labels-limit' and 'max-files-changed' configs to allow cap...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/labeler/commit/e52e4fb63ed5cd0e07abaad9826b2a893ccb921f\"\u003e\u003ccode\u003ee52e4fb\u003c/code\u003e\u003c/a\u003e Bump minimatch from 10.0.1 to 10.2.3 (\u003ca href=\"https://redirect.github.com/actions/labeler/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/labeler/commit/77a4082b841706ac431479b7e2bb11216ffef250\"\u003e\u003ccode\u003e77a4082\u003c/code\u003e\u003c/a\u003e Fix: Preserve manually added labels during workflow run and refine label sync...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/labeler/commit/25abb3cad4f14b7ac27968a495c37798860a5a1a\"\u003e\u003ccode\u003e25abb3c\u003c/code\u003e\u003c/a\u003e Improve Labeler Action Documentation and Error Handling for Permissions (\u003ca href=\"https://redirect.github.com/actions/labeler/issues/897\"\u003e#897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/labeler/commit/395c8cfdb1e1e691cc4bad0dd315820af8eb67fd\"\u003e\u003ccode\u003e395c8cf\u003c/code\u003e\u003c/a\u003e Bump brace-expansion from 1.1.11 to 1.1.12 and document breaking changes in v...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca 
href=\"https://github.com/actions/labeler/compare/634933edcd8ababfe52f92936142cc22ac488b1b...f27b608878404679385c85cfa523b85ccb86e213\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google/osv-scanner-action` from 2.3.5 to 2.3.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/osv-scanner-action/releases\"\u003egoogle/osv-scanner-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis updates OSV-Scanner to v2.3.8.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/google/osv-scanner-action/compare/v2.3.5...v2.3.8\"\u003ehttps://github.com/google/osv-scanner-action/compare/v2.3.5...v2.3.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/9a498708959aeaef5ef730655706c5a1df1edbc2\"\u003e\u003ccode\u003e9a49870\u003c/code\u003e\u003c/a\u003e Update unified workflow example to point to v2.3.8 reusable workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/3adb4b14a2b0623876d18d863a498b785fb3752d\"\u003e\u003ccode\u003e3adb4b1\u003c/code\u003e\u003c/a\u003e Update reusable workflows to point to v2.3.8 actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/8dc09193bb540e09b23da07ad7e30bd33bf87018\"\u003e\u003ccode\u003e8dc0919\u003c/code\u003e\u003c/a\u003e \u0026quot;Update actions to use v2.3.8 osv-scanner image\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/google/osv-scanner-action/commit/43f380b8fc43a816831a9f5ee6fc91170809c7e9\"\u003e\u003ccode\u003e43f380b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/google/osv-scanner-action/issues/125\"\u003e#125\u003c/a\u003e from google/update-to-v2.3.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/dcf4ddd504dac1027e5829c1d754e4ec009ded5d\"\u003e\u003ccode\u003edcf4ddd\u003c/code\u003e\u003c/a\u003e Update unified workflow example to point to v2.3.6 reusable workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/b9dbb7ef6f6fb8d0e762912b668d2c4c236090a3\"\u003e\u003ccode\u003eb9dbb7e\u003c/code\u003e\u003c/a\u003e Update reusable workflows to point to v2.3.6 actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/fe54858b54b6e367472aa1828429dfcf3c95aba6\"\u003e\u003ccode\u003efe54858\u003c/code\u003e\u003c/a\u003e \u0026quot;Update actions to use v2.3.6 osv-scanner image\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/eb5b619bb565d10623076caba5263750fde3c790\"\u003e\u003ccode\u003eeb5b619\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/google/osv-scanner-action/issues/100\"\u003e#100\u003c/a\u003e from thomasleplus/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/osv-scanner-action/commit/9...\n\n_Description has been 
truncated_","html_url":"https://github.com/actions-marketplace-validations/afadesigns_zshellcheck/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-marketplace-validations%2Fafadesigns_zshellcheck/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"2.19.3","new_version":"2.19.4","update_type":"patch","path":null,"pr_created_at":"2026-05-29T01:09:04.000Z","version_change":"2.19.3 → 2.19.4","issue":{"uuid":"4544885489","node_id":"PR_kwDOIj9M_c7gdeYW","number":2848,"state":"open","title":"chore(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4","user":"dependabot[bot]","labels":["dependabot"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-29T01:09:04.000Z","updated_at":"2026-05-29T01:09:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"step-security/harden-runner","old_version":"2.19.3","new_version":"2.19.4","repository_url":"https://github.com/step-security/harden-runner"}],"path":null,"ecosystem":"actions"},"body":"Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.19.3 to 2.19.4.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprovements for HTTPS Monitoring for the Enterprise tier of Harden Runner\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.3...v2.19.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003e\u003ccode\u003e9af89fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/667\"\u003e#667\u003c/a\u003e from step-security/update-agent-v1.8.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/485dce8cb5d75cda51e8bfa947de06030d080208\"\u003e\u003ccode\u003e485dce8\u003c/code\u003e\u003c/a\u003e Update agent to v1.8.6\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/ab7a9404c0f3da075243ca237b5fac12c98deaa5...9af89fc71515a100421586dfdb3dc9c984fbf411\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/harden-runner\u0026package-manager=github_actions\u0026previous-version=2.19.3\u0026new-version=2.19.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/eclipse-tractusx/tractusx-edc/pull/2848","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/eclipse-tractusx%2Ftractusx-edc/issues/2848","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2848/packages"}}]}