Skip to content

chore(deps): update github actions dependencies #270

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
freinold merged 1 commit into from
Jan 26, 2026
Merged

chore(deps): update github actions dependencies #270

freinold merged 1 commit into from
Jan 26, 2026

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 26, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change OpenSSF
github/codeql-action action patch v4.31.10v4.31.11 OpenSSF Scorecard
step-security/harden-runner action patch v2.14.0v2.14.1 OpenSSF Scorecard

Release Notes

github/codeql-action (github/codeql-action)

v4.31.11

Compare Source

  • When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #​3409
  • Improved error handling throughout the CodeQL Action. #​3415
  • Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #​3318
  • The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #​3403
step-security/harden-runner (step-security/harden-runner)

v2.14.1

Compare Source

What's Changed

  1. In some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers.

  2. Fixed npm audit vulnerabilities

Full Changelog: step-security/harden-runner@v2.14.0...v2.14.1

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added lifecycle Update or deprecate something renovate labels Jan 26, 2026
@renovate renovate bot requested a review from freinold January 26, 2026 00:27
@renovate renovate bot added the renovate label Jan 26, 2026
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 26, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@renovate renovate bot force-pushed the renovate/github-actions branch from 4b86406 to f9c82fc Compare January 26, 2026 06:07
@renovate renovate bot changed the title chore(deps): update github/codeql-action action to v4.31.11 chore(deps): update github actions dependencies Jan 26, 2026
@freinold freinold merged commit 3daa689 into main Jan 26, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@freinold freinold Awaiting requested review from freinold

Assignees

No one assigned

Labels

lifecycle Update or deprecate something renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@freinold