[ci][skip-ci](deps): Bump the github-actions group across 1 directory with 12 updates

[dependabot]

Bumps the github-actions group with 12 updates in the / directory:

Package	From	To
step-security/harden-runner	2.13.0	2.13.1
actions/checkout	4.2.2	5.0.0
actions/first-interaction	2.0.0	3.1.0
actions/labeler	5.0.0	6.0.1
oxsecurity/megalinter	8.8.0	9.1.0
google/osv-scanner-action	2.1.0	2.2.3
actions/setup-node	4.4.0	5.0.0
actions/cache	4.2.3	4.3.0
ossf/scorecard-action	2.4.0	2.4.3
actions/stale	9.1.0	10.1.0
actions/ai-inference	1.2.3	2.0.1
trufflesecurity/trufflehog	3.90.2	3.90.8

Updates step-security/harden-runner from 2.13.0 to 2.13.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.13.1

What's Changed

• Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.

• Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.

• Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.

Full Changelog: step-security/harden-runner@v2.13.0...v2.13.1

Commits

• f4a75cf Merge pull request #588 from step-security/rc-26
• 95503d0 ci: remove code-review workflow
• 4b250a0 ci: add job to confirm dist is as expected
• 5b0ab6a update dependencies
• d11f2c1 fix bug where status code was not being preserved
• b3fc98e improve error handling for policy store sceanrio
• 92fc5d4 update error message
• b61b0a4 policy store improvements
• e3d3f2b use GitHub release instead of packages
• 646ac01 update agent
• Additional commits viewable in compare view

Updates actions/checkout from 4.2.2 to 5.0.0

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236
• Prepare release v4.3.0 by @​salmanmkc in actions/checkout#2237

New Contributors

• @​motss made their first contribution in actions/checkout#1971
• @​mouismail made their first contribution in actions/checkout#1977
• @​benwells made their first contribution in actions/checkout#2043
• @​nebuk89 made their first contribution in actions/checkout#2194
• @​salmanmkc made their first contribution in actions/checkout#2236

Full Changelog: actions/checkout@v4...v4.3.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

V4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

... (truncated)

Commits

• 08c6903 Prepare v5.0.0 release (#2238)
• 9f26565 Update actions checkout to use node 24 (#2226)
• 08eba0b Prepare release v4.3.0 (#2237)
• 631c7dc Update package dependencies (#2236)
• 8edcb1b Update CODEOWNERS for actions (#2224)
• 09d2aca Update README.md (#2194)
• 85e6279 Adjust positioning of user email note and permissions heading (#2044)
• 009b9ae Documentation update - add recommended permissions to Readme (#2043)
• cbb7224 Update README.md (#1977)
• 3b9b8c8 docs: update README.md (#1971)
• See full diff in compare view

Updates actions/first-interaction from 2.0.0 to 3.1.0

Release notes

Sourced from actions/first-interaction's releases.

v3.1.0

What's Changed

• Bump the npm-development group across 1 directory with 7 updates by @​dependabot[bot] in actions/first-interaction#339
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in actions/first-interaction#336
• Bump jest and @​types/jest by @​dependabot[bot] in actions/first-interaction#338
• Bump the npm-development group with 4 updates by @​dependabot[bot] in actions/first-interaction#341
• Fix workflow inputs by @​ncalteen in actions/first-interaction#344
• Bump actions/setup-node from 4 to 5 by @​dependabot[bot] in actions/first-interaction#348
• Bump @​rollup/rollup-linux-x64-gnu from 4.48.1 to 4.50.1 by @​dependabot[bot] in actions/first-interaction#347
• Bump the npm-development group with 8 updates by @​dependabot[bot] in actions/first-interaction#346
• Expand supported event types by @​ncalteen in actions/first-interaction#349
• Bump the npm-development group with 6 updates by @​dependabot[bot] in actions/first-interaction#353
• Bump @​github/local-action from 5.2.0 to 6.0.0 by @​dependabot[bot] in actions/first-interaction#351
• Fix event action check by @​ncalteen in actions/first-interaction#354
• Bump @​octokit/types from 14.1.0 to 15.0.0 by @​dependabot[bot] in actions/first-interaction#357
• Bump @​rollup/rollup-linux-x64-gnu from 4.50.2 to 4.52.3 by @​dependabot[bot] in actions/first-interaction#361
• Bump the npm-development group across 1 directory with 10 updates by @​dependabot[bot] in actions/first-interaction#363

Full Changelog: actions/first-interaction@v3.0...v3.1.0

v3.0.0

What's Changed

• Bump @​github/local-action from 2.6.4 to 5.1.0 by @​dependabot[bot] in actions/first-interaction#324
• Bump eslint-import-resolver-typescript from 3.8.2 to 4.4.4 by @​dependabot[bot] in actions/first-interaction#325
• Bump the npm-development group with 5 updates by @​dependabot[bot] in actions/first-interaction#326
• Bump the npm-development group with 7 updates by @​dependabot[bot] in actions/first-interaction#333
• Bump super-linter/super-linter from 7 to 8 by @​dependabot[bot] in actions/first-interaction#328
• Bump eslint-plugin-jest from 28.11.0 to 29.0.1 by @​dependabot[bot] in actions/first-interaction#331
• Bump @​rollup/rollup-linux-x64-gnu from 4.45.1 to 4.46.2 by @​dependabot[bot] in actions/first-interaction#330
• Bump @​jest/globals from 29.7.0 to 30.0.5 by @​dependabot[bot] in actions/first-interaction#332
• Bump @​octokit/rest from 21.1.1 to 22.0.0 by @​dependabot[bot] in actions/first-interaction#329
• Add actionlint configuration by @​ncalteen in actions/first-interaction#334
• Node 24 support by @​salmanmkc in actions/first-interaction#327
• Prepare release v3.0.0 by @​salmanmkc in actions/first-interaction#335

New Contributors

• @​salmanmkc made their first contribution in actions/first-interaction#327

Full Changelog: actions/first-interaction@v2...v3.0.0

Commits

• 1c46889 Merge pull request #363 from actions/dependabot/npm_and_yarn/npm-development-...
• 76a99dd Disable checks for dist
• 2ead13c Bump the npm-development group across 1 directory with 10 updates
• 2e8e200 Merge pull request #361 from actions/dependabot/npm_and_yarn/rollup/rollup-li...
• df55979 Merge pull request #357 from actions/dependabot/npm_and_yarn/octokit/types-15...
• c056c18 Bump @​rollup/rollup-linux-x64-gnu from 4.50.2 to 4.52.3
• dac371d Bump @​octokit/types from 14.1.0 to 15.0.0
• 33689d3 Merge pull request #354 from actions/ncalteen/event
• 8e69b57 Merge branch 'main' into ncalteen/event
• 69c5373 Merge pull request #351 from actions/dependabot/npm_and_yarn/github/local-act...
• Additional commits viewable in compare view

Updates actions/labeler from 5.0.0 to 6.0.1

Release notes

Sourced from actions/labeler's releases.

v6.0.1

What's Changed

• Upgrade publish-action from 0.2.2 to 0.4.0 by @​aparnajyothi-y in actions/labeler#901

New Contributors

• @​aparnajyothi-y made their first contribution in actions/labeler#901

Full Changelog: actions/labeler@v6.0.0...v6.0.1

v6.0.0

What's Changed

• Add workflow file for publishing releases to immutable action package by @​jcambass in actions/labeler#802

Breaking Changes

• Upgrade Node.js version to 24 in action and dependencies @​salmanmkc in actions/labeler#891 Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. Release Notes

Dependency Upgrades

• Upgrade eslint-config-prettier from 9.0.0 to 9.1.0 by @​dependabot[bot] in actions/labeler#711
• Upgrade eslint from 8.52.0 to 8.55.0 by @​dependabot[bot] in actions/labeler#720
• Upgrade @​types/jest from 29.5.6 to 29.5.11 by @​dependabot[bot] in actions/labeler#719
• Upgrade @​types/js-yaml from 4.0.8 to 4.0.9 by @​dependabot[bot] in actions/labeler#718
• Upgrade @​typescript-eslint/parser from 6.9.0 to 6.14.0 by @​dependabot[bot] in actions/labeler#717
• Upgrade prettier from 3.0.3 to 3.1.1 by @​dependabot[bot] in actions/labeler#726
• Upgrade eslint from 8.55.0 to 8.56.0 by @​dependabot[bot] in actions/labeler#725
• Upgrade @​typescript-eslint/parser from 6.14.0 to 6.19.0 by @​dependabot[bot] in actions/labeler#745
• Upgrade eslint-plugin-jest from 27.4.3 to 27.6.3 by @​dependabot[bot] in actions/labeler#744
• Upgrade @​typescript-eslint/eslint-plugin from 6.9.0 to 6.20.0 by @​dependabot[bot] in actions/labeler#750
• Upgrade prettier from 3.1.1 to 3.2.5 by @​dependabot[bot] in actions/labeler#752
• Upgrade undici from 5.26.5 to 5.28.3 by @​dependabot[bot] in actions/labeler#757
• Upgrade braces from 3.0.2 to 3.0.3 by @​dependabot[bot] in actions/labeler#789
• Upgrade minimatch from 9.0.3 to 10.0.1 by @​dependabot[bot] in actions/labeler#805
• Upgrade @​actions/core from 1.10.1 to 1.11.1 by @​dependabot[bot] in actions/labeler#811
• Upgrade typescript from 5.4.3 to 5.7.2 by @​dependabot[bot] in actions/labeler#819
• Upgrade @​typescript-eslint/parser from 7.3.1 to 8.17.0 by @​dependabot[bot] in actions/labeler#824
• Upgrade prettier from 3.2.5 to 3.4.2 by @​dependabot[bot] in actions/labeler#825
• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot[bot] in actions/labeler#827
• Upgrade eslint-plugin-jest from 27.9.0 to 28.9.0 by @​dependabot[bot] in actions/labeler#832
• Upgrade ts-jest from 29.1.2 to 29.2.5 by @​dependabot[bot] in actions/labeler#831
• Upgrade @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot[bot] in actions/labeler#830
• Upgrade typescript from 5.7.2 to 5.7.3 by @​dependabot[bot] in actions/labeler#835
• Upgrade eslint-plugin-jest from 28.9.0 to 28.11.0 by @​dependabot[bot] in actions/labeler#839
• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot[bot] in actions/labeler#842
• Upgrade @​octokit/request-error from 5.0.1 to 5.1.1 by @​dependabot[bot] in actions/labeler#846

Documentation changes

• Add note regarding pull_request_target to README.md by @​silverwind in actions/labeler#669
• Update readme with additional examples and important note about pull_request_target event by @​IvanZosimov in actions/labeler#721
• Document update - permission section by @​harithavattikuti in actions/labeler#840

... (truncated)

Commits

• 634933e publish-action upgrade to 0.4.0 from 0.2.2 (#901)
• f1a63e8 Update Node.js version to 24 in action and dependencies (#891)
• b0a1180 Bump @​octokit/request-error from 5.0.1 to 5.1.1 (#846)
• 110d441 Update README.md (#871)
• bee50fe Bump undici from 5.28.4 to 5.28.5 (#842)
• 6463cdb Bump eslint-plugin-jest from 28.9.0 to 28.11.0 (#839)
• c209686 Bump typescript from 5.7.2 to 5.7.3 (#835)
• 5184940 Bump @​vercel/ncc from 0.38.1 to 0.38.3 (#830)
• 3629d55 Document update - permission section (#840)
• d24f7f3 Bump ts-jest from 29.1.2 to 29.2.5 (#831)
• Additional commits viewable in compare view

Updates oxsecurity/megalinter from 8.8.0 to 9.1.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.1.0

What's Changed

• New linters

  • Add Robocop linter, by @​bdovaz in oxsecurity/megalinter#6232

• Linters enhancements

  • Python Linting: Added more file type supports for various linters. Full description here

• Doc

  • Add OLLAMA_BASE_URL is MegaLinter config Json schema

• Flavors

  • Custom flavors: Add workflow to automate detection of new MegaLinter versions and generation of new Custom Flavor

• CI

  • Fix v9 release issue + mark hardcoded versions to upgrade at each new major release.

• Linter versions upgrades (22)

  • ansible-lint from 25.9.0 to 25.9.1
  • bicep_linter from 0.37.4 to 0.38.33
  • cfn-lint from 1.39.1 to 1.40.0
  • checkstyle from 11.0.1 to 11.1.0
  • clj-kondo from 2025.09.19 to 2025.09.22
  • golangci-lint from 2.4.0 to 2.5.0
  • hadolint from 2.13.1 to 2.14.0
  • isort from 6.0.1 to 6.1.0
  • kics from 2.1.13 to 2.1.14
  • npm-groovy-lint from 15.2.1 to 15.2.2
  • php-cs-fixer from 3.87.2 to 3.88.2
  • phpstan from 2.1.28 to 2.1.30
  • pylint from 3.3.8 to 3.3.9
  • pyright from 1.1.405 to 1.1.406
  • robocop from 6.7.0 to 6.7.2
  • rubocop from 1.80.2 to 1.81.1
  • ruff-format from 0.13.1 to 0.13.3
  • ruff from 0.13.1 to 0.13.3
  • snakemake from 9.11.4 to 9.11.9
  • terraform-fmt from 1.13.2 to 1.13.3
  • terragrunt from 0.87.2 to 0.88.1
  • trivy from 0.66.0 to 0.67.0

• chore(deps): update alpine/terragrunt docker tag to v1.13.3 by @​renovate[bot] in oxsecurity/megalinter#6201
• chore(deps): update dependency @​salesforce/cli to v2.106.6 by @​renovate[bot] in oxsecurity/megalinter#6199
• chore(deps): update dependency fastapi to v0.117.1 by @​renovate[bot] in oxsecurity/megalinter#6195
• chore(deps): update dependency @​salesforce/plugin-packaging to v2.20.4 by @​renovate[bot] in oxsecurity/megalinter#6198
• chore(deps): update dependency sfdx-hardis to v6.5.2 by @​renovate[bot] in oxsecurity/megalinter#6202

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

• Core

• New linters

• Disabled linters

• Removed linters

• Media

• Linters enhancements

• Fixes

• Reporters

• Doc

• Flavors

• CI

• mega-linter-runner

• Linter versions upgrades (N)

  • checkstyle from 11.1.0 to 12.0.0 on 2025-10-09
  • scalafix from 0.14.3 to 0.14.4 on 2025-10-09
  • xmllint from 21308 to 21309 on 2025-10-09

[v9.1.0] - 2025-10-07

• New linters

  • Add Robocop linter, by @​bdovaz in oxsecurity/megalinter#6232

• Linters enhancements

  • Python Linting: Added more file type supports for various linters. Full description here

• Doc

  • Add OLLAMA_BASE_URL is MegaLinter config Json schema

... (truncated)

Commits

• 62c799d Release MegaLinter v9.1.0
• 6158659 [automation] Auto-update linters version, help and documentation (#6299)
• 013588a chore(deps): update dependency lightning-flow-scanner to v5.6.2 (#6301)
• ee69172 chore(deps): update dependency isort to v6.1.0 (#6300)
• 49e1637 chore(deps): update dependency eslint-plugin-jsonc to v2.21.0 (#6298)
• 1db8d0f chore(deps): update dependency eslint to v9.37.0 (#6297)
• f26af91 [automation] Auto-update linters version, help and documentation (#6296)
• 9786a83 chore(deps): update dependency cfn-lint to v1.40.0 (#6295)
• 69457fc chore(deps): update dependency azure/bicep to v0.38.33 (#6294)
• 4ae0e6f chore(deps): update dependency npm-groovy-lint to v15.2.2 (#6293)
• Additional commits viewable in compare view

Updates google/osv-scanner-action from 2.1.0 to 2.2.3

Release notes

Sourced from google/osv-scanner-action's releases.

v2.2.3

What's Changed

• chore(deps): update workflows by @​renovate-bot in google/osv-scanner-action#86
• chore(deps): update workflows to v5 (major) by @​renovate-bot in google/osv-scanner-action#87
• Update to v2.2.3 by @​jess-lowe in google/osv-scanner-action#101

Full Changelog: google/osv-scanner-action@v2.2.2...v2.2.3

v2.2.2

This updates OSV-Scanner to v2.2.2.

What's Changed

• docs: Update Automatic install instructions by @​another-rex in google/osv-scanner-action#94
• Update to v2.2.2 by @​cuixq in google/osv-scanner-action#95

Full Changelog: google/osv-scanner-action@v2.2.1...v2.2.2

v2.2.1

What's Changed

OSV-Scanner now supports all OSV-Scalibr features behind experimental flags (--experimental-plugins, see details here)!

Features:

• [Feature #2146](google/osv-scanner#2146) Allow manual OSV-Scalibr plugin selection.
• [Feature #2144](google/osv-scanner#2144) Add OSV-Scalibr version to osv-scanner --version output.
• [Feature #2021](google/osv-scanner#2021) Add experimental support for running OSV-Scalibr detectors.
• [Feature #2079](google/osv-scanner#2079) Fall back to offline extractor if the transitive one fails, so at least direct dependencies are returned.
• [Feature #2032](google/osv-scanner#2032) Add summary section at the top of outputs and a 'Fixed Version' column.
• [Feature #2076](google/osv-scanner#2076) Support Ubuntu severity type.

Fixes:

• [Bug #2141](google/osv-scanner#2141) Fix OSV-Scanner json scans not matching with correct ecosystem.
• [Bug #2084](google/osv-scanner#2084) Show absolute paths when scanning containers.
• [Bug #2126](google/osv-scanner#2126) Log and preserve package count before continuing on db error.
• [Bug #2095](google/osv-scanner#2095) Pass through plugin capabilities correctly.
• [Bug #2051](google/osv-scanner#2051) Properly flag if running on Linux or Mac OSs for plugin compatibility.
• [Bug #2072](google/osv-scanner#2072) Add missing "text" property in description fields.
• [Bug #2068](google/osv-scanner#2068) Change links in output to go to the specific vulnerability page instead of the list page.
• [Bug #2064](google/osv-scanner#2064) Fix SARIF v3 output to include results.
• [Bug #2151](google/osv-scanner#2151) Filter by ecosystem before querying.

API Changes:

• [API Change #2096](google/osv-scanner#2096) Allow log handler to be overridden.

... (truncated)

Commits

• e92b5d0 Merge pull request #101 from google/update-to-v2.2.3
• c1fee26 Update unified workflow example to point to v2.2.3 reusable workflows
• e161549 Update reusable workflows to point to v2.2.3 actions
• b930bc9 "Update actions to use v2.2.3 osv-scanner image"
• c0e8a11 Merge pull request #87 from renovate-bot/renovate/major-workflows
• f317cb8 chore(deps): update workflows to v5
• 9e22416 Merge pull request #86 from renovate-bot/renovate/workflows
• 90b209d Merge pull request #95 from google/update-to-v2.2.2
• 4971fe8 Update unified workflow example to point to v2.2.2 reusable workflows
• 9d4732e Update reusable workflows to point to v2.2.2 actions
• Additional commits viewable in compare view

Updates actions/setup-node from 4.4.0 to 5.0.0

Release notes

Sourced from actions/setup-node's releases.

v5.0.0

What's Changed

Breaking Changes

• Enhance caching in setup-node with automatic package manager detection by @​priya-kinthali in actions/setup-node#1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

• Upgrade action to use node24 by @​salmanmkc in actions/setup-node#1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​octokit/request-error and @​actions/github by @​dependabot[bot] in actions/setup-node#1227
• Upgrade uuid from 9.0.1 to 11.1.0 by @​dependabot[bot] in actions/setup-node#1273
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in actions/setup-node#1295
• Upgrade form-data to bring in fix for critical vulnerability by @​gowridurgad in actions/setup-node#1332
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in actions/setup-node#1345

New Contributors

• @​priya-kinthali made their first contribution in actions/setup-node#1348
• @​salmanmkc made their first contribution in actions/setup-node#1325

Full Changelog: actions/setup-node@v4...v5.0.0

Commits

• a0853c2 Bump actions/checkout from 4 to 5 (#1345)
• b7234cc Upgrade action to use node24 (#1325)
• d7a1131 Enhance caching in setup-node with automatic package manager detection (#1348)
• 5e2628c Bumps form-data (#1332)
• 65becef Bump undici from 5.28.5 to 5.29.0 (#1295)
• 7e24a65 Bump uuid from 9.0.1 to 11.1.0 (#1273)
• 08f58d1 Bump @​octokit/request-error and @​actions/github (#1227)
• See full diff in compare view

Updates actions/cache from 4.2.3 to 4.3.0

Release notes

Sourced from actions/cache's releases.

v4.3.0

What's Changed

• Add note on runner versions by @​GhadimiR in actions/cache#1642
• Prepare v4.3.0 release by @​Link- in actions/cache#1655

New Contributors

• @​GhadimiR made their first contribution in actions/cache#1642

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

What's Changed

• Update README.md by @​nebuk89 in actions/cache#1620
• Upgrade @actions/cache to 4.0.5 and move @protobuf-ts/plugin to dev depdencies by @​Link- in actions/cache#1634
• Prepare release 4.2.4 by @​Link- in actions/cache#1636

New Contributors

• @​nebuk89 made their first contribution in actions/cache#1620

Full Changelog: actions/cache@v4...v4.2.4

Changelog

Sourced fro...

Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependabot, dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Dependabot attempted to update this pull request, but because the branch dependabot/github_actions/github-actions-a70b045ae5 is protected it was unable to do so.