Bump the actions group with 4 updates

[dependabot]

Bumps the actions group with 4 updates: step-security/harden-runner, chainguard-dev/actions, actions/setup-node and sigstore/cosign-installer.

Updates step-security/harden-runner from 2.15.0 to 2.15.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.15.1

What's Changed

• Fixes step-security/harden-runner#642 bug due to which post step was failing on Windows ARM runners
• Updates npm packages

Full Changelog: step-security/harden-runner@v2.15.0...v2.15.1

Commits

• 58077d3 Release v2.15.1 (#641)
• See full diff in compare view

Updates chainguard-dev/actions from 1.6.5 to 1.6.7

Release notes

Sourced from chainguard-dev/actions's releases.

v1.6.7

What's Changed

• Make setup-kind more reliable. by @​mattmoor in chainguard-dev/actions#797

Full Changelog: chainguard-dev/actions@v1.6.6...v1.6.7

v1.6.6

What's Changed

• build(deps): bump actions/setup-go from 6.2.0 to 6.3.0 in /setup-melange by @​dependabot[bot] in chainguard-dev/actions#780
• build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 in /kind-diag by @​dependabot[bot] in chainguard-dev/actions#781
• build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 in /nodiff by @​dependabot[bot] in chainguard-dev/actions#779
• build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 in /k8s-diag by @​dependabot[bot] in chainguard-dev/actions#778
• build(deps): bump actions/setup-go from 6.2.0 to 6.3.0 by @​dependabot[bot] in chainguard-dev/actions#776
• build(deps): bump actions/setup-go from 6.2.0 to 6.3.0 in /boilerplate by @​dependabot[bot] in chainguard-dev/actions#777
• Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 by @​dependabot[bot] in chainguard-dev/actions#760
• build(deps): bump hashicorp/setup-terraform from 3.1.2 to 4.0.0 in /setup-terraform by @​dependabot[bot] in chainguard-dev/actions#775
• build(deps): bump chainguard-dev/actions from 1.6.4 to 1.6.5 by @​dependabot[bot] in chainguard-dev/actions#782
• build(deps): bump chainguard-dev/actions from 1.6.4 to 1.6.5 in /gofmt by @​dependabot[bot] in chainguard-dev/actions#783
• build(deps): bump chainguard-dev/actions from 1.6.4 to 1.6.5 in /melange-build by @​dependabot[bot] in chainguard-dev/actions#786
• build(deps): bump chainguard-dev/actions from 1.6.4 to 1.6.5 in /inky-build-pkg by @​dependabot[bot] in chainguard-dev/actions#785
• build(deps): bump chainguard-dev/actions from 1.6.4 to 1.6.5 in /wolfi-build-pkg by @​dependabot[bot] in chainguard-dev/actions#787
• build(deps): bump chainguard-dev/actions from 1.6.4 to 1.6.5 in /goimports by @​dependabot[bot] in chainguard-dev/actions#784
• build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 in /githubapp-token by @​dependabot[bot] in chainguard-dev/actions#788
• fix(hugo2confluence): replace confluence markdown converter [ENG-4650] by @​stevebeattie in chainguard-dev/actions#789

Full Changelog: chainguard-dev/actions@v1.6.5...v1.6.6

Commits

• 5e84f02 Make setup-kind more reliable. (#797)
• e9290fa fix(hugo2confluence): replace confluence markdown converter [ENG-4650] (#789)
• 97b3a1b build(deps): bump actions/setup-node in /githubapp-token (#788)
• fc20451 build(deps): bump chainguard-dev/actions in /goimports (#784)
• 0578790 build(deps): bump chainguard-dev/actions in /wolfi-build-pkg (#787)
• 95f6175 build(deps): bump chainguard-dev/actions in /inky-build-pkg (#785)
• 1897f6f build(deps): bump chainguard-dev/actions in /melange-build (#786)
• aab57d2 build(deps): bump chainguard-dev/actions from 1.6.4 to 1.6.5 in /gofmt (#783)
• 8255ec7 build(deps): bump chainguard-dev/actions from 1.6.4 to 1.6.5 (#782)
• c4978da Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 (#760)
• Additional commits viewable in compare view

Updates actions/setup-node from 6.2.0 to 6.3.0

Release notes

Sourced from actions/setup-node's releases.

v6.3.0

What's Changed

Enhancements:

• Support parsing devEngines field by @​susnux in actions/setup-node#1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

• Fix npm audit issues by @​gowridurgad in actions/setup-node#1491
• Replace uuid with crypto.randomUUID() by @​trivikr in actions/setup-node#1378
• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in actions/setup-node#1498

Bug fixes:

• Remove hardcoded bearer for mirror-url @​marco-ippolito in actions/setup-node#1467
• Scope test lockfiles by package manager and update cache tests by @​gowridurgad in actions/setup-node#1495

New Contributors

• @​susnux made their first contribution in actions/setup-node#1283

Full Changelog: actions/setup-node@v6...v6.3.0

Commits

• 53b8394 Bump minimatch from 3.1.2 to 3.1.5 (#1498)
• 54045ab Scope test lockfiles by package manager and update cache tests (#1495)
• c882bff Replace uuid with crypto.randomUUID() (#1378)
• 774c1d6 feat(node-version-file): support parsing devEngines field (#1283)
• efcb663 fix: remove hardcoded bearer (#1467)
• d02c89d Fix npm audit issues (#1491)
• See full diff in compare view

Updates sigstore/cosign-installer from 4.0.0 to 4.1.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.1.0

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

• Bump cosign to 3.0.5 in sigstore/cosign-installer#220
• fix: add retry to curl downloads for transient network failures in sigstore/cosign-installer#210

Full Changelog: sigstore/cosign-installer@v4.0.0...v4.1.0

Commits

• ba7bc0a fix: add retry to curl downloads for transient network failures (#210)
• 5a292e1 Bump cosign to 3.0.5 (#220)
• 351ea76 Bump actions/checkout from 6.0.1 to 6.0.2 (#217)
• c17565f test with go 1.26 too (#221)
• a6fdd19 Bump actions/setup-go from 6.1.0 to 6.3.0 (#218)
• 430b6a7 docs: fix registry from gcr.io to ghcr.io (#213)
• 4d14d7f feat: update to v3.0.3 (#212)
• f148005 fix: use env vars for template expansions; show curl errors (#207)
• c3f2d79 Bump actions/checkout from 6.0.0 to 6.0.1 (#208)
• b9a9af4 drop tests with go1.24 as it cant build (#211)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[netlify]

✅ Deploy Preview for ornate-narwhal-088216 ready!

Name	Link
🔨 Latest commit	ab24fae
🔍 Latest deploy log	https://app.netlify.com/projects/ornate-narwhal-088216/deploys/69af524c3f779800082307ab
😎 Deploy Preview	https://deploy-preview-3057--ornate-narwhal-088216.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.