build(deps): bump the actions group across 1 directory with 3 updates

[dependabot]

Bumps the actions group with 3 updates in the / directory: step-security/harden-runner, actions/checkout and chainguard-dev/actions.

Updates step-security/harden-runner from 2.19.3 to 2.19.4

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.4

What's Changed

• Improvements for HTTPS Monitoring for the Enterprise tier of Harden Runner

Full Changelog: step-security/harden-runner@v2.19.3...v2.19.4

Commits

• 9af89fc Merge pull request #667 from step-security/update-agent-v1.8.6
• 485dce8 Update agent to v1.8.6
• See full diff in compare view

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

• Update changelog by @​ericsciple in actions/checkout#2357
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414
• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• Update changelog for v6.0.3 by @​yaananth in actions/checkout#2446

New Contributors

• @​yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774

... (truncated)

Commits

• df4cb1c Update changelog for v6.0.3 (#2446)
• 1cce339 Fix checkout init for SHA-256 repositories (#2439)
• 900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
• 0c366fd Update changelog (#2357)
• See full diff in compare view

Updates chainguard-dev/actions from 1.6.19 to 1.6.21

Release notes

Sourced from chainguard-dev/actions's releases.

v1.6.21

What's Changed

• Update git tag by @​cpanato in chainguard-dev/actions#915
• fix release workflow by @​cpanato in chainguard-dev/actions#921
• build(deps): bump peter-evans/create-pull-request from 5.0.0 to 8.1.1 in /release-notes by @​dependabot[bot] in chainguard-dev/actions#920
• build(deps): bump actions/checkout from 4.2.2 to 6.0.2 in /release-notes by @​dependabot[bot] in chainguard-dev/actions#919
• build(deps): bump chainguard-dev/actions from 1.0.2 to 1.6.19 in /release-notes by @​dependabot[bot] in chainguard-dev/actions#918
• build(deps): bump sigstore/cosign-installer from 3.8.0 to 4.1.2 in /chainguard-install by @​dependabot[bot] in chainguard-dev/actions#917
• build(deps): bump peter-evans/create-pull-request from 7.0.8 to 8.1.1 in /bump-go-version-file by @​dependabot[bot] in chainguard-dev/actions#916

Full Changelog: chainguard-dev/actions@v1.6.20...v1.6.21

v1.6.20

What's Changed

• build(deps): bump chainguard-dev/actions from 1.6.18 to 1.6.19 in /wolfi-build-pkg by @​dependabot[bot] in chainguard-dev/actions#900
• build(deps): bump chainguard-dev/actions from 1.6.18 to 1.6.19 in /melange-build by @​dependabot[bot] in chainguard-dev/actions#899
• build(deps): bump chainguard-dev/actions from 1.6.18 to 1.6.19 in /gofmt by @​dependabot[bot] in chainguard-dev/actions#896
• build(deps): bump chainguard-dev/actions from 1.6.18 to 1.6.19 in /goimports by @​dependabot[bot] in chainguard-dev/actions#897
• build(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 by @​dependabot[bot] in chainguard-dev/actions#895
• build(deps): bump chainguard-dev/actions from 1.6.18 to 1.6.19 in /inky-build-pkg by @​dependabot[bot] in chainguard-dev/actions#898
• build(deps): bump actions/setup-node from 4.4.0 to 6.4.0 by @​dependabot[bot] in chainguard-dev/actions#893
• build(deps): bump chainguard-dev/actions from 1.6.18 to 1.6.19 by @​dependabot[bot] in chainguard-dev/actions#894
• fix(ci): harden against template injection and credential exposure by @​stevebeattie in chainguard-dev/actions#901
• build(deps): bump sigstore/cosign-installer from 4.1.1 to 4.1.2 in /setup-argo-workflows by @​dependabot[bot] in chainguard-dev/actions#902
• bump tf-docs by @​cpanato in chainguard-dev/actions#903
• test-setup-kind: add explicit kvm-available and kvm-unavailable legs. by @​mattmoor in chainguard-dev/actions#905
• build(deps): bump hashicorp/setup-terraform from 4.0.0 to 4.0.1 in /setup-terraform by @​dependabot[bot] in chainguard-dev/actions#906
• build(deps): bump step-security/harden-runner from 2.19.1 to 2.19.3 by @​dependabot[bot] in chainguard-dev/actions#908
• build(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 by @​dependabot[bot] in chainguard-dev/actions#909
• build(deps): bump protobufjs from 8.0.3 to 8.4.0 in /otel-export in the npm_and_yarn group across 1 directory by @​dependabot[bot] in chainguard-dev/actions#911
• build(deps): bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 by @​dependabot[bot] in chainguard-dev/actions#910
• build(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4 by @​dependabot[bot] in chainguard-dev/actions#912
• Update Go version from 1.25 to 1.26 by @​cpanato in chainguard-dev/actions#913
• bump gitsign to release v0.16.0 by @​cpanato in chainguard-dev/actions#914

Full Changelog: chainguard-dev/actions@v1.6.19...v1.6.20

Commits

• 05fbd38 build(deps): bump peter-evans/create-pull-request (#916)
• 6a031dd build(deps): bump sigstore/cosign-installer in /chainguard-install (#917)
• 2aa42ab build(deps): bump chainguard-dev/actions in /release-notes (#918)
• 2a43818 build(deps): bump actions/checkout from 4.2.2 to 6.0.2 in /release-notes (#919)
• 90e5d19 build(deps): bump peter-evans/create-pull-request in /release-notes (#920)
• 0d3ec12 fix release workflow (#921)
• 2716a7d Update git tag (#915)
• bb3c0f7 bump gitsign to release v0.16.0 (#914)
• 3e76343 Update Go version from 1.25 to 1.26 (#913)
• 9feb67c build(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4 (#912)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions