[ci][skip-ci](deps): Bump the github-actions group with 16 updates

[dependabot]

Bumps the github-actions group with 16 updates:

Package	From	To
step-security/harden-runner	2.13.1	2.14.0
actions/checkout	5.0.0	6.0.1
devops-actions/actionlint	0.1.9	0.1.10
github/codeql-action	4.31.2	4.31.9
actions/dependency-review-action	4.8.1	4.8.2
oxsecurity/megalinter	9.1.0	9.2.0
actions/upload-artifact	5.0.0	6.0.0
google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml	2.2.4	2.3.1
google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml	2.2.4	2.3.1
actions/setup-node	6.0.0	6.1.0
actions/cache	4.3.0	5.0.1
actions/stale	10.1.0	10.1.1
actions/ai-inference	2.0.1	2.0.4
codecov/codecov-action	5.5.1	5.5.2
trufflesecurity/trufflehog	3.90.12	3.92.4
peter-evans/create-pull-request	7.0.8	8.0.0

Updates step-security/harden-runner from 2.13.1 to 2.14.0

Release notes

Sourced from step-security/harden-runner's releases.

v2.14.0

What's Changed

• Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.
• Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.

Full Changelog: step-security/harden-runner@v2.13.3...v2.14.0

v2.13.3

What's Changed

• Fixed an issue where process events were not uploaded in certain edge cases.

Full Changelog: step-security/harden-runner@v2.13.2...v2.13.3

v2.13.2

What's Changed

• Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.
• Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.

Full Changelog: step-security/harden-runner@v2.13.1...v2.13.2

Commits

• 20cf305 Merge pull request #622 from step-security/feature/custom-property-skip
• c51e8ee feat: skip agent install and post step on subsequent runs for GitHub-hosted r...
• e152b90 feat: skip harden-runner based on repository custom property
• ee1faec feat: replace skip-harden-runner with skip-on-custom-property input
• 1dc7c17 feat: add skip-harden-runner input to conditionally skip execution
• df199fb Merge pull request #620 from step-security/rc-29
• 03d096a update agent
• 4090107 fix: update agent
• 95d9a5d Merge pull request #606 from step-security/rc-28
• 87e429d Update limitations.md
• Additional commits viewable in compare view

Updates actions/checkout from 5.0.0 to 6.0.1

Release notes

Sourced from actions/checkout's releases.

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @​ericsciple in actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327
• Clarify v6 README by @​ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695

... (truncated)

Commits

• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• See full diff in compare view

Updates devops-actions/actionlint from 0.1.9 to 0.1.10

Release notes

Sourced from devops-actions/actionlint's releases.

Release v0.1.10

What's Changed

• [StepSecurity] Apply security best practices by @​step-security-bot in devops-actions/actionlint#66
• Correctly capitalize the variable name to match the setting by @​rajbos in devops-actions/actionlint#67
• [StepSecurity] ci: Harden GitHub Actions by @​step-security-bot in devops-actions/actionlint#68
• Add toplevel permissions with minimal scope by @​rajbos in devops-actions/actionlint#69
• Adding correct token scopes by @​rajbos in devops-actions/actionlint#70
• Bump step-security/harden-runner from 2.10.4 to 2.11.0 by @​dependabot[bot] in devops-actions/actionlint#73
• Bump actions/checkout from 4.1.1 to 4.2.2 by @​dependabot[bot] in devops-actions/actionlint#72
• Update actionlint version to 1.7.7 by @​github-actions[bot] in devops-actions/actionlint#71
• Bump actions/upload-artifact from 4.6.0 to 4.6.1 by @​dependabot[bot] in devops-actions/actionlint#77
• Bump github/codeql-action from 3.28.9 to 3.28.10 by @​dependabot[bot] in devops-actions/actionlint#76
• Bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​dependabot[bot] in devops-actions/actionlint#75
• Bump github/codeql-action from 3.28.10 to 3.28.11 by @​dependabot[bot] in devops-actions/actionlint#78
• Bump github/codeql-action from 3.28.11 to 3.28.12 by @​dependabot[bot] in devops-actions/actionlint#80
• Bump actions/upload-artifact from 4.6.1 to 4.6.2 by @​dependabot[bot] in devops-actions/actionlint#79
• Bump github/codeql-action from 3.28.12 to 3.28.13 by @​dependabot[bot] in devops-actions/actionlint#81
• Bump actions/dependency-review-action from 4.5.0 to 4.6.0 by @​dependabot[bot] in devops-actions/actionlint#84
• Bump step-security/harden-runner from 2.11.0 to 2.11.1 by @​dependabot[bot] in devops-actions/actionlint#83
• Bump github/codeql-action from 3.28.13 to 3.28.14 by @​dependabot[bot] in devops-actions/actionlint#82
• Bump github/codeql-action from 3.28.14 to 3.28.15 by @​dependabot[bot] in devops-actions/actionlint#85
• Bump actions/dependency-review-action from 4.6.0 to 4.7.0 by @​dependabot[bot] in devops-actions/actionlint#88
• Bump step-security/harden-runner from 2.11.1 to 2.12.0 by @​dependabot[bot] in devops-actions/actionlint#87
• Bump github/codeql-action from 3.28.15 to 3.28.17 by @​dependabot[bot] in devops-actions/actionlint#86
• Bump actions/dependency-review-action from 4.7.0 to 4.7.1 by @​dependabot[bot] in devops-actions/actionlint#90
• Bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in devops-actions/actionlint#91
• Bump github/codeql-action from 3.28.17 to 3.28.19 by @​dependabot[bot] in devops-actions/actionlint#92
• Bump step-security/harden-runner from 2.12.0 to 2.12.1 by @​dependabot[bot] in devops-actions/actionlint#93
• Bump github/codeql-action from 3.28.19 to 3.29.0 by @​dependabot[bot] in devops-actions/actionlint#94
• Bump step-security/harden-runner from 2.12.1 to 2.12.2 by @​dependabot[bot] in devops-actions/actionlint#96
• Bump github/codeql-action from 3.29.0 to 3.29.2 by @​dependabot[bot] in devops-actions/actionlint#97
• Bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in devops-actions/actionlint#99
• Bump step-security/harden-runner from 2.12.2 to 2.13.0 by @​dependabot[bot] in devops-actions/actionlint#98
• Update actionlint version to 1.7.7 by @​github-actions[bot] in devops-actions/actionlint#74
• Bump github/codeql-action from 3.29.7 to 3.29.8 by @​dependabot[bot] in devops-actions/actionlint#100
• Bump actions/dependency-review-action from 4.7.1 to 4.7.3 by @​dependabot[bot] in devops-actions/actionlint#107
• Bump step-security/harden-runner from 2.13.0 to 2.13.1 by @​dependabot[bot] in devops-actions/actionlint#109
• Bump github/codeql-action from 3.29.8 to 3.30.3 by @​dependabot[bot] in devops-actions/actionlint#108
• Bump actions/dependency-review-action from 4.7.3 to 4.8.0 by @​dependabot[bot] in devops-actions/actionlint#111
• Bump github/codeql-action from 3.30.3 to 3.30.5 by @​dependabot[bot] in devops-actions/actionlint#110
• Bump github/codeql-action from 3.30.5 to 4.31.2 by @​dependabot[bot] in devops-actions/actionlint#120
• Bump actions/dependency-review-action from 4.8.0 to 4.8.1 by @​dependabot[bot] in devops-actions/actionlint#115
• Update actionlint version to 1.7.8 by @​github-actions[bot] in devops-actions/actionlint#114
• Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in devops-actions/actionlint#101
• Bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in devops-actions/actionlint#113
• Bump step-security/harden-runner from 2.13.1 to 2.13.2 by @​dependabot[bot] in devops-actions/actionlint#119
• Update actionlint version to 1.7.9 by @​github-actions[bot] in devops-actions/actionlint#121

New Contributors

• @​step-security-bot made their first contribution in devops-actions/actionlint#66

... (truncated)

Commits

• 467e2ce Update actionlint version to 1.7.9 (#121)
• 5e11a36 Bump step-security/harden-runner from 2.13.1 to 2.13.2 (#119)
• 666c887 Bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#113)
• a17659a Bump actions/checkout from 4.2.2 to 5.0.0 (#101)
• 21c0ee2 Update actionlint version to 1.7.8 (#114)
• 78d8915 Bump actions/dependency-review-action from 4.8.0 to 4.8.1 (#115)
• 6b74735 Bump github/codeql-action from 3.30.5 to 4.31.2 (#120)
• b37d855 Bump github/codeql-action from 3.30.3 to 3.30.5 (#110)
• ecd00d8 Bump actions/dependency-review-action from 4.7.3 to 4.8.0 (#111)
• a923f5d Bump github/codeql-action from 3.29.8 to 3.30.3 (#108)
• Additional commits viewable in compare view

Updates github/codeql-action from 4.31.2 to 4.31.9

Release notes

Sourced from github/codeql-action's releases.

v4.31.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.9 - 16 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

v4.31.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

See the full CHANGELOG.md for more information.

v4.31.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.5 - 24 Nov 2025

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

• The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

• Bump minimum CodeQL bundle version to 2.17.6. #3223
• When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

... (truncated)

Commits

• 5d4e8d1 Merge pull request #3371 from github/update-v4.31.9-998798e34
• 1dc115f Update changelog for v4.31.9
• 998798e Merge pull request #3352 from github/nickrolfe/jar-min-ff-cleanup
• 5eb7519 Merge pull request #3358 from github/henrymercer/database-upload-telemetry
• d29eddb Extract version number to constant
• e962687 Merge branch 'main' into henrymercer/database-upload-telemetry
• 19c7f96 Rename isOverlayBase
• ae5de9a Use getErrorMessage in log too
• 0cb8633 Prefer performance.now()
• c07cc0d Merge pull request #3351 from github/henrymercer/ghec-dr-determine-tools-vers...
• Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.8.1 to 4.8.2

Release notes

Sourced from actions/dependency-review-action's releases.

v4.8.2

Minor fixes:

• Fix PURL parsing for scoped packages (#1008 from @​danielhardej)
• Fix for large summaries (#1007 from @​gitulisca)
• README includes a working example for allow-dependencies-licenses (#1009 from @​danielhardej)

Commits

• 3c4e3dc Merge pull request #1016 from actions/dra-release
• 02930b2 Update CONTRIBUTING to reflect new guidelines
• 49ffd9f Update CONTRIBUTING to reflect the need to build
• 70cb25e 4.8.2 release
• ebabd31 Merge pull request #1008 from danielhardej/danielhardej-patch-20251023
• 19f9360 Update package-lock.json
• 5fd2f98 Bump @​types/jest to version 29.5.14
• 28647f4 Fix PURL parsing by removing encodeURI
• f620fd1 Merge pull request #1013 from actions/dangoor/token-fix
• 9b42b7e Remove bad token reference
• Additional commits viewable in compare view

Updates oxsecurity/megalinter from 9.1.0 to 9.2.0

Release notes

Sourced from oxsecurity/megalinter's releases.

v9.2.0

What's Changed

• New linters

  • Salesforce Code Analyzer, by @​abdeslamads
    • SALESFORCE_CODE_ANALYZER_APEX
    • SALESFORCE_CODE_ANALYZER_AURA
    • SALESFORCE_CODE_ANALYZER_LWC

• Disabled linters

  • Reactivate checkov

• Deprecated linters

  • Deprecate terrascan as the project is discontinued. Will be completely removed in a future version.
  • SALESFORCE_SFDX_SCANNER_* linters have been deprecated and will be removed in a future version. (they are replaced by SALESFORCE_CODE_ANALYZER_* linters)

• Media

  • Looking for the best CI/CD Pipeline Linting Tool? Try MegaLinter!, by Seasoned Developer
  • (Brazilian) Qualidade e Segurança em Código com MegaLinter: automatizando análises em MAUI com GitHub Actions, by Canal dotNET

• Linters enhancements

  • Install dotenv-linter deterministically, by @​bdovaz in oxsecurity/megalinter#6385

• Fixes

  • #6544: Add GITHUB_TOKEN in docker build command for custom flavor
  • Hide warning when compiling a regex
  • Fix formatting in descriptor files to reduce changes in generated markdown, by @​echoix in oxsecurity/megalinter#6449

• Reporters

  • Add conversion from Jenkins variables to related Git based reporters variables

• Doc

  • Keep jsonschema html docs updated when using build.py --doc, by @​echoix in oxsecurity/megalinter#6447
  • Commit updated license info generated from build script by @​echoix in oxsecurity/megalinter#6448
  • Recreate docs/descriptors folder, delete old pages by @​echoix in oxsecurity/megalinter#6451

• Flavors

  • Add GITHUB_TOKEN in docker buildx build command for custom flavor, by @​davidfevre-gouv-nc in oxsecurity/megalinter#6545

• CI

  • Optimize performances of standalone linters releases
  • Renovate: Add langchain group for package updates, by @​echoix in oxsecurity/megalinter#6400
  • Refactor file handling in build.py to use pathlib for improved readability, by @​echoix in oxsecurity/megalinter#6450

• mega-linter-runner

  • Handle upgrade of stefanzweifel/git-auto-commit-action to v7

• Linter versions upgrades (53)

  • actionlint from 1.7.7 to 1.7.9
  • ansible-lint from 25.9.1 to 25.11.1

... (truncated)

Changelog

Sourced from oxsecurity/megalinter's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] (beta, main branch content)

Note: Can be used with oxsecurity/megalinter@beta in your GitHub Action mega-linter.yml file, or with oxsecurity/megalinter:beta docker image

• Core

• New linters

  • Add codespell
  • Add kingfisher by @​bdovaz
  • Add rumdl by @​bdovaz

• Disabled linters

• Deprecated linters

• Removed linters

• Media

• Linters enhancements

  • Change checkmake Docker image reference by @​bdovaz

• Fixes

• Reporters

  • Handle multiple MegaLinter runs on the same repo using custom value sent in variable MEGALINTER_MULTIRUN_KEY
  • Allow to override url to CI build in Git based reporters using REPORTERS_ACTION_RUN_URL variable
  • Fix sections display in Gitlab console logs

• Doc

• Flavors

• CI

  • Free disk space on GitHub actions runner when releasing a new flavor

• mega-linter-runner

• Linter versions upgrades (N)

  • dotnet-format from 9.0.111 to 9.0.112 on 2025-12-01
  • phplint from 9.6.2 to 9.6.3 on 2025-12-01
  • terragrunt from 0.93.10 to 0.93.11 on 2025-12-01
  • ruff-format from 0.14.6 to 0.14.7 on 2025-12-03
  • ruff from 0.14.6 to 0.14.7 on 2025-12-03

... (truncated)

Commits

• 55a59b2 Release MegaLinter v9.2.0
• c94f8c8 prep release
• bca0a38 chore(deps): update dependency rubocop-rails to v2.34.2 (#6648)
• 8d505bf [automation] Auto-update linters version, help and documentation (#6659)
• a7d0161 Add conversion from Jenkins variables to related Git provider variables (#6658)
• 663b45a chore(deps): update mstruebing/editorconfig-checker docker tag to v3.6.0 (#6652)
• 64fbcca chore(deps): update docker/metadata-action action to v5.10.0 (#6651)
• b2f3c63 Hides regex compilation warning (#6657)
• 0eac80b chore(deps): update zricethezav/gitleaks docker tag to v8.30.0 (#6653)
• d1fdceb CI: Optimize standalone linters release perfs (#6656)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 5.0.0 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits

• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
• 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
• 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
• b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
• Additional commits viewable in compare view

Updates google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml from 2.2.4 to 2.3.1

Release notes

Sourced from google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml's releases.

v2.3.1

What's Changed

• chore(deps): update workflows (major) by @​renovate-bot in google/osv-scanner-action#105
• chore(deps): update github/codeql-action action to v4.31.7 by @​renovate-bot in google/osv-scanner-action#108
• chore: more specific name for uploaded artifact by @​marcusburghardt in google/osv-scanner-action#111
• Update to v2.3.1 by @​cuixq in google/osv-scanner-action#112

New Contributors

• @​marcusburghardt made their first contribution in google/osv-scanner-action#111

Full Changelog: google/osv-scanner-action@v2.3.0...v2.3.1

v2.3.0

What's Changed

• chore(deps): update workflows by @​renovate-bot in google/osv-scanner-action#104
• Add gemini config.yaml file by @​michaelkedar in google/osv-scanner-action#107
• Update to v2.3.0 by @​michaelkedar in google/osv-scanner-action#106

Full Changelog: google/osv-scanner-action@v2.2.4...v2.3.0

Commits

• 375a0e8 Merge pull request #112 from google/update-to-v2.3.1
• 611152d Update unified workflow example to point to v2.3.1 reusable workflows
• ccb575f Update reusable workflows to point to v2.3.1 actions
• ffff457 "Update actions to use v2.3.1 osv-scanner image"
• f011708 Merge pull request #111 from marcusburghardt/upload_name
• 54338a3 chore: more specific name for uploaded artifact
• 2e56ca8 Merge pull request #108 from renovate-bot/renovate/workflows
• 540b498 chore(deps): update github/codeql-action action to v4.31.7
• 08b0aae Merge pull request #105 from renovate-bot/renovate/major-workflows
• b77c075 Merge pull request #106 from google/update-to-v2.3.0
• Additional commits viewable in compare view

Updates google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml from 2.2.4 to 2.3.1

Release notes

Sourced from google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml's releases.

v2.3.1

What's Changed

• chore(deps): update workflows (major) by @​renovate-bot in google/osv-scanner-action#105
• chore(deps): update github/codeql-action action to v4.31.7 by @​renovate-bot in google/osv-scanner-action#108
• chore: more specific name for uploaded artifact by @​marcusburghardt in google/osv-scanner-action#111
• Update to v2.3.1 by @​cuixq in google/osv-scanner-action#112

New Contributors

• @​marcusburghardt made their first contribution in google/osv-scanner-action#111

Full Changelog: google/osv-scanner-action@v2.3.0...v2.3.1

v2.3.0

What's Changed

• chore(deps): update workflows by @​renovate-bot in google/osv-scanner-action#104
• Add gemini config.yaml file by @​michaelkedar in

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.98%. Comparing base (3196b30) to head (18dfbcf).
⚠️ Report is 4 commits behind head on main.
✅ All tests successful. No failed tests found.

❌ Your project status has failed because the head coverage (92.98%) is below the target coverage (95.00%). You can increase the head coverage or adjust the target coverage.

Flag	Coverage Δ
pwsh-macos-latest	92.06% <ø> (ø)
pwsh-ubuntu-latest	91.60% <ø> (ø)
pwsh-windows-latest	92.79% <ø> (ø)
windows-powershell-51	92.79% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@@           Coverage Diff           @@
##             main      #14   +/-   ##
=======================================
  Coverage   92.98%   92.98%           
=======================================
  Files          55       55           
  Lines        1512     1512           
=======================================
  Hits         1406     1406           
  Misses        106      106           

Components	Coverage Δ
Core Module	92.98% <ø> (ø)
Test Suite	∅ <ø> (∅)
Utility Scripts	∅ <ø> (∅)
Configuration & Build	∅ <ø> (∅)

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3196b30...18dfbcf. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.