chore: bump step-security/harden-runner from 2.11.0 to 2.11.1

[dependabot]

Bumps step-security/harden-runner from 2.11.0 to 2.11.1.

Release notes

Sourced from step-security/harden-runner's releases.

v2.11.1

What's Changed

• cache: add support for GitHub Actions cache v2 by @​h0x0er in step-security/harden-runner#529

Full Changelog: step-security/harden-runner@v2...v2.11.1

Commits

• c6295a6 Merge pull request #530 from step-security/rc-19
• 3e118b1 Improve error handling
• b38e918 Merge pull request #529 from h0x0er/jatin/cache-fix
• 0664d30 cache: added support for cache v2
• b131ca5 Merge pull request #524 from step-security/fix/security/GHSA-968p-4wvh-cqc8
• 2dc9579 Address vulnerabilities
• f054d81 Update README (#522)
• 8a09271 Update Readme (#520)
• 6ec6af7 Update readme (#518)
• 539365b Merge pull request #516 from vorburger/patch-1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[kaito-pr-agent]

Title

chore: bump step-security/harden-runner from 2.11.0 to 2.11.1

---

User description

Bumps step-security/harden-runner from 2.11.0 to 2.11.1.

Release notes

Sourced from step-security/harden-runner's releases.

v2.11.1

What's Changed

• cache: add support for GitHub Actions cache v2 by @​h0x0er in step-security/harden-runner#529

Full Changelog: step-security/harden-runner@v2...v2.11.1

Commits

• c6295a6 Merge pull request #530 from step-security/rc-19
• 3e118b1 Improve error handling
• b38e918 Merge pull request #529 from h0x0er/jatin/cache-fix
• 0664d30 cache: added support for cache v2
• b131ca5 Merge pull request #524 from step-security/fix/security/GHSA-968p-4wvh-cqc8
• 2dc9579 Address vulnerabilities
• f054d81 Update README (#522)
• 8a09271 Update Readme (#520)
• 6ec6af7 Update readme (#518)
• 539365b Merge pull request #516 from vorburger/patch-1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

PR Type

dependencies

---

Description

• Bumps step-security/harden-runner from 2.11.0 to 2.11.1.

• Updates the Harden Runner action in .github/workflows/codespell.yml.

---

Changes walkthrough 📝

	Relevant files
Dependencies	codespell.yml Update harden-runner version in codespell workflow              .github/workflows/codespell.yml Updated the uses field to point to the new version of step-security/harden-runner. +1/-1

---

Need help?

Type /help how to ... in the comments thread for any questions about PR-Agent usage.

Check out the documentation for more information.

[kaito-pr-agent]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis 🔶 530 - Partially compliant Compliant requirements: Bump step-security/harden-runner from 2.11.0 to 3.0.0 Non-compliant requirements: None Requires further human verification: None

Estimated effort to review: 1 🔵⚪⚪⚪⚪

🧪 No relevant tests

🔒 Security concerns Sensitive information exposure: The PR updates the version of step-security/harden-runner, but the commit hash in the workflow file is still using the old version (v2.11.0). This could lead to potential vulnerabilities if the newer version includes important security patches.

⚡ Recommended focus areas for review

[kaito-pr-agent]

PR Code Suggestions ✨

No code suggestions found for the PR.