ci(deps): bump the github-actions group across 1 directory with 14 updates by dependabot[bot] · Pull Request #83 · inferadb/ledger

dependabot · 2026-05-11T12:52:44Z

Bumps the github-actions group with 14 updates in the /.github/workflows directory:

Package	From	To
step-security/harden-runner	`2.16.1`	`2.19.1`
step-security/paths-filter	`3.0.5`	`4.0.1`
mozilla-actions/sccache-action	`0.0.9`	`0.0.10`
step-security/rust-cache	`2.8.3`	`2.9.1`
step-security/docker-login-action	`3.7.0`	`4.1.0`
step-security/docker-build-push-action	`6.18.0`	`7.1.0`
actions/upload-artifact	`7.0.0`	`7.0.1`
step-security/action-semantic-pull-request	`6.1.1`	`6.1.2`
taiki-e/install-action	`2.73.0`	`2.77.5`
github/codeql-action	`4.35.1`	`4.35.4`
actions/cache	`5.0.4`	`5.0.5`
actions/labeler	`6.0.1`	`6.1.0`
actions/github-script	`8.0.0`	`9.0.0`
actions/dependency-review-action	`4.9.0`	`5.0.0`

Updates step-security/harden-runner from 2.16.1 to 2.19.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.1

What's Changed

fix: detect ubuntu-slim runners early and bail out by @devantler in step-security/harden-runner#657

What the fix changes

Harden-Runner will detect ubuntu-slim runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.

What the fix does not do

Jobs running on ubuntu-slim will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).

Per GitHub's docs on single-CPU runners: "The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported." Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.

For StepSecurity enterprise customers If your security posture requires that workflows are always monitored, you can block the use of ubuntu-slim via workflow run policies see the Runner Label Policy docs. This lets you enforce that jobs only run on monitored runner types.

New Contributors

@devantler made their first contribution in step-security/harden-runner#657

Full Changelog: step-security/harden-runner@v2.19.0...v2.19.1

v2.19.0

What's Changed

New Runner Support

Harden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.

Automated Incident Response for Supply Chain Attacks

Global block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.

System-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).

Bug Fixes

Windows and macOS: stability and reliability fixes

Full Changelog: step-security/harden-runner@v2.18.0...v2.19.0

v2.18.0

What's Changed

Global Block List: During supply chain incidents like the recent axios and trivy compromises, StepSecurity will add known malicious domains and IP addresses (IOCs) to a global block list. These will be automatically blocked, even in audit mode, providing immediate protection without requiring any workflow changes.

Deploy on Self-Hosted VM: Added deploy-on-self-hosted-vm input that allows the Harden Runner agent to be installed directly on ephemeral self-hosted Linux runner VMs at workflow runtime. This is intended as an alternative when baking the agent into the VM image is not possible.

Full Changelog: step-security/harden-runner@v2.17.0...v2.18.0

v2.17.0

What's Changed

Policy Store Support

Added use-policy-store and api-key inputs to fetch security policies directly from the StepSecurity Policy Store. Policies can be defined and attached at the workflow, repo, org, or cluster (ARC) level, with the most granular policy taking precedence. This is the preferred method over the existing policy input which requires id-token: write permission. If no policy is found in the store, the action defaults to audit mode.

Full Changelog: step-security/harden-runner@v2.16.1...v2.17.0

Commits

a5ad31d Merge pull request #657 from devantler/fix/ubuntu-slim-user-env
6e92856 build dist and trim ubuntu-slim message
4e0504e Merge branch 'main' into fix/ubuntu-slim-user-env
8d3c67d Release v2.19.0 (#661)
6c3c2f2 Feature/deploy on self hosted vm (#658)
376d25a fix: detect ubuntu-slim runners early and bail out
f808768 Feature/policy store (#656)
See full diff in compare view

Updates step-security/paths-filter from 3.0.5 to 4.0.1

Release notes

Sourced from step-security/paths-filter's releases.

v4.0.1

What's Changed

fix: Security updates by @github-actions[bot] in step-security/paths-filter#225

fix: Security updates by @github-actions[bot] in step-security/paths-filter#226

fix: Security updates by @github-actions[bot] in step-security/paths-filter#229

fix: Security updates by @github-actions[bot] in step-security/paths-filter#230

fix: Security updates by @github-actions[bot] in step-security/paths-filter#231

fix: Security updates by @github-actions[bot] in step-security/paths-filter#232

fix: Security updates by @github-actions[bot] in step-security/paths-filter#233

fix: Security updates by @github-actions[bot] in step-security/paths-filter#234

fix: Security updates by @github-actions[bot] in step-security/paths-filter#235

fix: upgrade packages to fix vulnerabilities by @Raj-StepSecurity in step-security/paths-filter#237

ci: added claude review workflow by @amanstep in step-security/paths-filter#238

ci: Update auto_cherry_pick.yml by @Raj-StepSecurity in step-security/paths-filter#239

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/paths-filter#236

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/paths-filter#240

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/paths-filter#241

feat: added banner and update subscription check to make maintained actions free for public repos by @Raj-StepSecurity in step-security/paths-filter#243

Full Changelog: step-security/paths-filter@v3...v4.0.1

Commits

5c5241b Merge pull request #243 from step-security/feat/update-subscription-check
4a740b4 claude comments addressed
c3c4a64 feat: added banner and update subscription check to make maintained actions f...
e7a5f27 Merge pull request #241 from step-security/auto-cherry-pick
81a12d9 chore: Cherry-picked changes from upstream for conflicting changes
8f54c5a feat: add merge_group event support
6a7c5d6 Merge pull request #240 from step-security/auto-cherry-pick
c79c47b chore: Cherry-picked changes from upstream in package.json
000dc59 feat: update action runtime to node24
60b52a2 Merge pull request #236 from step-security/auto-cherry-pick
Additional commits viewable in compare view

Updates mozilla-actions/sccache-action from 0.0.9 to 0.0.10

Release notes

Sourced from mozilla-actions/sccache-action's releases.

v0.0.10

What's Changed

Use tar on all platforms by @brianmichel in Mozilla-Actions/sccache-action#193

Bump eslint-plugin-prettier from 5.2.3 to 5.2.5 by @dependabot[bot] in Mozilla-Actions/sccache-action#196

Bump typescript from 5.7.2 to 5.8.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#195

Bump @types/node from 22.13.0 to 22.13.17 by @dependabot[bot] in Mozilla-Actions/sccache-action#194

Bump undici from 5.28.5 to 5.29.0 by @dependabot[bot] in Mozilla-Actions/sccache-action#204

Bump eslint-config-prettier from 9.1.0 to 10.1.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#201

Bump ts-jest from 29.2.6 to 29.3.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#200

Bump eslint-plugin-prettier from 5.2.5 to 5.5.4 by @dependabot[bot] in Mozilla-Actions/sccache-action#221

Bump eslint-config-prettier from 10.1.2 to 10.1.8 by @dependabot[bot] in Mozilla-Actions/sccache-action#214

Bump the github-actions group across 1 directory with 2 updates by @dependabot[bot] in Mozilla-Actions/sccache-action#220

Add job id to annotation title by @wetheredge in Mozilla-Actions/sccache-action#212

Bump @actions/io from 1.1.3 to 2.0.0 by @dependabot[bot] in Mozilla-Actions/sccache-action#228

Bump eslint-plugin-import from 2.31.0 to 2.32.0 by @dependabot[bot] in Mozilla-Actions/sccache-action#227

Bump actions/setup-node from 5 to 6 in the github-actions group by @dependabot[bot] in Mozilla-Actions/sccache-action#226

Bump @actions/github from 6.0.0 to 6.0.1 by @dependabot[bot] in Mozilla-Actions/sccache-action#233

Bump minimatch by @dependabot[bot] in Mozilla-Actions/sccache-action#239

Bump actions/checkout from 5 to 6 in the github-actions group by @dependabot[bot] in Mozilla-Actions/sccache-action#232

Bump ts-jest from 29.3.2 to 29.4.6 by @dependabot[bot] in Mozilla-Actions/sccache-action#240

Bump to node24 by @cakebaker in Mozilla-Actions/sccache-action#245

Bump flatted from 3.3.1 to 3.4.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#248

Bump picomatch from 2.3.1 to 2.3.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#249

Bump handlebars from 4.7.8 to 4.7.9 by @dependabot[bot] in Mozilla-Actions/sccache-action#250

Fix code block formatting in README.md by @baseplate-admin in Mozilla-Actions/sccache-action#246

Bump js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#231

prepare version 0.0.10 by @sylvestre in Mozilla-Actions/sccache-action#251

New Contributors

@brianmichel made their first contribution in Mozilla-Actions/sccache-action#193

@wetheredge made their first contribution in Mozilla-Actions/sccache-action#212

@baseplate-admin made their first contribution in Mozilla-Actions/sccache-action#246

Full Changelog: Mozilla-Actions/sccache-action@v0.0.9...v0.0.10

Commits

9e7fa8a Merge pull request #251 from sylvestre/ver
3ca012d prepare version 0.0.10
7cf1643 Merge pull request #231 from Mozilla-Actions/dependabot/npm_and_yarn/js-yaml-...
b2be802 Merge pull request #246 from baseplate-admin/patch-1
84812a5 Merge pull request #250 from Mozilla-Actions/dependabot/npm_and_yarn/handleba...
4e28318 Merge pull request #249 from Mozilla-Actions/dependabot/npm_and_yarn/picomatc...
cfa813e Merge pull request #248 from Mozilla-Actions/dependabot/npm_and_yarn/flatted-...
ef3762b Merge pull request #245 from cakebaker/bump_to_node24
919bfb6 Bump handlebars from 4.7.8 to 4.7.9
167904b Bump picomatch from 2.3.1 to 2.3.2
Additional commits viewable in compare view

Updates step-security/rust-cache from 2.8.3 to 2.9.1

Release notes

Sourced from step-security/rust-cache's releases.

v2.9.1

What's Changed

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/rust-cache#280

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/rust-cache#281

fix: test vulns fixed by @Raj-StepSecurity in step-security/rust-cache#279

Full Changelog: step-security/rust-cache@v2...v2.9.1

v2.8.4

What's Changed

[StepSecurity] Apply security best practices by @stepsecurity-app[bot] in step-security/rust-cache#265

fix: Security updates by @github-actions[bot] in step-security/rust-cache#267

fix: Security updates by @github-actions[bot] in step-security/rust-cache#269

fix: Security updates by @github-actions[bot] in step-security/rust-cache#270

fix: Security updates by @github-actions[bot] in step-security/rust-cache#271

fix: Security updates by @github-actions[bot] in step-security/rust-cache#272

fix: Security updates by @github-actions[bot] in step-security/rust-cache#273

fix: Security updates by @github-actions[bot] in step-security/rust-cache#274

fix: upgrade packages to fix vulnerabilities by @Raj-StepSecurity in step-security/rust-cache#275

fix: Security updates by @github-actions[bot] in step-security/rust-cache#276

feat: added banner and update subscription check to make maintained actions free for public repos by @Raj-StepSecurity in step-security/rust-cache#277

fix: Security updates by @github-actions[bot] in step-security/rust-cache#278

New Contributors

@stepsecurity-app[bot] made their first contribution in step-security/rust-cache#265

Full Changelog: step-security/rust-cache@v2...v2.8.4

Commits

851174d fix: test vulns fixed (#279)
f0d17cd Merge branch 'main' into fix/test-vulnerabilities-fixed
90bb4a5 chore: Cherry-picked changes from upstream (#281)
595123a Merge pull request #280 from step-security/auto-cherry-pick
b1072eb conflicted commits cherry-picked
374bbf5 fix: apply code build script
dd5ecff fix: apply code build script
7791ac0 Compare case-insenitively for full cache key match (#303)
49df1bd Consider all installed toolchains in cache key (#293)
84286e5 Consider all installed toolchains in cache key (#293)
Additional commits viewable in compare view

Updates step-security/docker-login-action from 3.7.0 to 4.1.0

Release notes

Sourced from step-security/docker-login-action's releases.

v4.1.0

What's Changed

fix: Resolve security vulnerabilities by @anurag-stepsecurity in step-security/docker-login-action#33

ci: remove guarddog by @Raj-StepSecurity in step-security/docker-login-action#34

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-login-action#32

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-login-action#35

fix: fixed subscription check code by @amanstep in step-security/docker-login-action#36

New Contributors

@anurag-stepsecurity made their first contribution in step-security/docker-login-action#33

@amanstep made their first contribution in step-security/docker-login-action#36

Full Changelog: step-security/docker-login-action@v3...v4.1.0

Commits

870af64 Merge pull request #36 from step-security/fix/subscription_code
31c9f9d fix: unused dependency removed
ad9fbe6 fix: dist updated
1bb40b7 Merge branch 'main' into fix/subscription_code
d0c3707 fix: fixed subscription check code
f047736 Merge pull request #35 from step-security/auto-cherry-pick
f3dad61 chore: cherry-picked conflicting changes
ae453c3 fix: apply code build script
750d643 fix: apply code build script
243626a fix scoped Docker Hub cleanup path when registry is omitted
Additional commits viewable in compare view

Updates step-security/docker-build-push-action from 6.18.0 to 7.1.0

Release notes

Sourced from step-security/docker-build-push-action's releases.

v7.1.0

What's Changed

fix: Security updates by @github-actions[bot] in step-security/docker-build-push-action#27

fix: Security updates by @github-actions[bot] in step-security/docker-build-push-action#28

fix: upgraded packages to fix vulnerabilities by @Raj-StepSecurity in step-security/docker-build-push-action#29

build(deps): bump axios from 1.13.2 to 1.13.5 by @dependabot[bot] in step-security/docker-build-push-action#30

build(deps): bump tar from 7.5.7 to 7.5.9 by @dependabot[bot] in step-security/docker-build-push-action#32

fix: upgrade packages and fix vulnerabilities by @Raj-StepSecurity in step-security/docker-build-push-action#33

fix: fixed vulnerability by @amanstep in step-security/docker-build-push-action#35

ci: removed guarddog by @Raj-StepSecurity in step-security/docker-build-push-action#36

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-build-push-action#34

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-build-push-action#37

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-build-push-action#38

ci: yarn version updated by @Raj-StepSecurity in step-security/docker-build-push-action#39

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-build-push-action#40

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-build-push-action#41

feat: added banner and update subscription check to make maintained actions free for public repos by @Raj-StepSecurity in step-security/docker-build-push-action#42

New Contributors

@dependabot[bot] made their first contribution in step-security/docker-build-push-action#30

@amanstep made their first contribution in step-security/docker-build-push-action#35

Full Changelog: step-security/docker-build-push-action@v6...v7.1.0

Commits

846549b Merge pull request #42 from step-security/feat/update-subscription-check
f9b1572 banner added back
899b61e readme updated
2b5119e feat: added banner and update subscription check to make maintained actions f...
b2ce443 Merge pull request #41 from step-security/auto-cherry-pick
e1d2cd3 readme updated
a5e683b ci updated
f751cf9 ci updated
0bbe4cb conflicted commits cherry-picked
46acbdf fix test since secrets are not written to temp path anymore
Additional commits viewable in compare view

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Update the readme with direct upload details by @danwkennedy in actions/upload-artifact#795

Readme: bump all the example versions to v7 by @danwkennedy in actions/upload-artifact#796

Include changes in typespec/ts-http-runtime 0.3.5 by @yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits

043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
634250c Include changes in typespec/ts-http-runtime 0.3.5
e454baa Readme: bump all the example versions to v7 (#796)
74fad66 Update the readme with direct upload details (#795)
See full diff in compare view

Updates step-security/action-semantic-pull-request from 6.1.1 to 6.1.2

Release notes

Sourced from step-security/action-semantic-pull-request's releases.

v6.1.2

What's Changed

build(deps): bump js-yaml from 4.1.0 to 4.1.1 by @dependabot[bot] in step-security/action-semantic-pull-request#147

ci: update audit_package.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#149

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#150

ci: Update audit_package.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#151

fix: build(deps): bump axios from 1.12.2 to 1.13.5 by @dependabot[bot] in step-security/action-semantic-pull-request#152

fix: upgrade packages and fix vulnerabilities by @Raj-StepSecurity in step-security/action-semantic-pull-request#153

ci: Update audit_package.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#154

ci: Update audit_package.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#155

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#156

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#157

fix: upgrade packages to fix vulnerabilities by @Raj-StepSecurity in step-security/action-semantic-pull-request#158

ci: made node version input to default at 24 by @amanstep in step-security/action-semantic-pull-request#133

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#159

feat: added banner and update subscription check to make maintained actions free for public repos by @Raj-StepSecurity in step-security/action-semantic-pull-request#160

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#161

ci: update actions_release.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#162

Full Changelog: step-security/action-semantic-pull-request@v6...v6.1.2

Commits

75d2dd5 Merge pull request #162 from step-security/Raj-StepSecurity-patch-11
dce66ee Update actions_release.yml
80eb62b Merge pull request #161 from step-security/yarn-audit-fix
ac0700f fix: apply audit fixes
92d4228 fix: apply audit fixes
91fa82f fix: apply audit fixes
fed9df2 Merge pull request #160 from step-security/feat/update-subscription-check
9d0ba60 code linted
21be1b8 feat: added banner and update subscription check to make maintained actions f...
57d5042 Merge pull request #159 from step-security/yarn-audit-fix
Additional commits viewable in compare view

Updates taiki-e/install-action from 2.73.0 to 2.77.5

Release notes

Sourced from taiki-e/install-action's releases.

2.77.5

Update biome@latest to 2.4.15.

Update mise@latest to 2026.5.4.

Update cargo-deny@latest to 0.19.5.

2.77.4

Update tombi@latest to 0.11.1.

Update cargo-llvm-cov@latest to 0.8.6.

Update uv@latest to 0.11.12.

2.77.3

Update typos@latest to 1.46.1.

Update rclone@latest to 1.74.1.

Update tombi@latest to 0.11.0.

Update osv-scanner@latest to 2.3.8.

Update mise@latest to 2026.5.3.

2.77.2

Update martin@latest to 1.9.0.

Update wasm-bindgen@latest to 0.2.121.

Update uv@latest to 0.11.11.

Update mise@latest to 2026.5.1.

Update prek@latest to 0.3.13.

Update tombi@latest to 0.10.6.

2.77.1

Support taiki-e/install-action@rust tag.

Update tombi@latest to 0.10.3.

Update martin@latest to 1.8.2.

2.77.0

Support rust. (#1779)

This installs rust using rustup.

... (truncated)

Changelog

Sourced from taiki-e/install-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

Update release-plz@latest to 0.3.158.

Update just@latest to 1.51.0.

[2.77.5] - 2026-05-11

Update biome@latest to 2.4.15.

Update mise@latest to 2026.5.4.

Update cargo-deny@latest to 0.19.5.

[2.77.4] - 2026-05-10

Update tombi@latest to 0.11.1.

Update cargo-llvm-cov@latest to 0.8.6.

Update uv@latest to 0.11.12.

[2.77.3] - 2026-05-09

Update typos@latest to 1.46.1.

Update rclone@latest to 1.74.1.

Update tombi@latest to 0.11.0.

Update osv-scanner@latest to 2.3.8.

Update mise@latest to 2026.5.3.

[2.77.2] - 2026-05-08

Update martin@latest to 1.9.0.

Update wasm-bindgen@latest to 0.2.121.

... (truncated)

Commits

fa0dd4c Release 2.77.5
d36d444 Update biome@latest to 2.4.15
d218cf5 Update release-plz manifest
d0260a1 Update mise@latest to 2026.5.4
831c88b Update cargo-deny@latest to 0.19.5
ec28e28 Release 2.77.4
84fb204 Update tombi@latest to 0.11.1
c0382ae Update cargo-llvm-cov@latest to 0.8.6
e32a755 Update just manifest
ea4c42c Update uv@latest to 0.11.12
Additional commits viewable in compare view

Updates github/codeql-action from 4.35.1 to 4.35.4

Release notes

Sourced from github/codeql-action's releases.

v4.35.4

Update default CodeQL bundle version to 2.25.4. #3881

v4.35.3

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837

Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850

Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853

Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

Update default CodeQL bundle version to 2.25.3. #3865

v4.35.2

The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795

The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789

Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794

Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807

Update default CodeQL bundle version to 2.25.2. #3823

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.35.4 - 07 May 2026

Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837

Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850

Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853

Fixed a bug where two diagnostics produced within the same ...
Description has been truncated

…dates Bumps the github-actions group with 14 updates in the /.github/workflows directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.16.1` | `2.19.1` | | [step-security/paths-filter](https://github.com/step-security/paths-filter) | `3.0.5` | `4.0.1` | | [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action) | `0.0.9` | `0.0.10` | | [step-security/rust-cache](https://github.com/step-security/rust-cache) | `2.8.3` | `2.9.1` | | [step-security/docker-login-action](https://github.com/step-security/docker-login-action) | `3.7.0` | `4.1.0` | | [step-security/docker-build-push-action](https://github.com/step-security/docker-build-push-action) | `6.18.0` | `7.1.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [step-security/action-semantic-pull-request](https://github.com/step-security/action-semantic-pull-request) | `6.1.1` | `6.1.2` | | [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.73.0` | `2.77.5` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.35.4` | | [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` | | [actions/labeler](https://github.com/actions/labeler) | `6.0.1` | `6.1.0` | | [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` | Updates `step-security/harden-runner` from 2.16.1 to 2.19.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@fe10465...a5ad31d) Updates `step-security/paths-filter` from 3.0.5 to 4.0.1 - [Release notes](https://github.com/step-security/paths-filter/releases) - [Commits](step-security/paths-filter@6eee183...5c5241b) Updates `mozilla-actions/sccache-action` from 0.0.9 to 0.0.10 - [Release notes](https://github.com/mozilla-actions/sccache-action/releases) - [Commits](Mozilla-Actions/sccache-action@7d986dd...9e7fa8a) Updates `step-security/rust-cache` from 2.8.3 to 2.9.1 - [Release notes](https://github.com/step-security/rust-cache/releases) - [Commits](step-security/rust-cache@9be15b8...851174d) Updates `step-security/docker-login-action` from 3.7.0 to 4.1.0 - [Release notes](https://github.com/step-security/docker-login-action/releases) - [Commits](step-security/docker-login-action@6aa05fe...870af64) Updates `step-security/docker-build-push-action` from 6.18.0 to 7.1.0 - [Release notes](https://github.com/step-security/docker-build-push-action/releases) - [Commits](step-security/docker-build-push-action@a8c3d08...846549b) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@bbbca2d...043fb46) Updates `step-security/action-semantic-pull-request` from 6.1.1 to 6.1.2 - [Release notes](https://github.com/step-security/action-semantic-pull-request/releases) - [Commits](step-security/action-semantic-pull-request@bc0cf74...75d2dd5) Updates `taiki-e/install-action` from 2.73.0 to 2.77.5 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](taiki-e/install-action@7a562df...fa0dd4c) Updates `github/codeql-action` from 4.35.1 to 4.35.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c10b806...68bde55) Updates `actions/cache` from 5.0.4 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@6682284...27d5ce7) Updates `actions/labeler` from 6.0.1 to 6.1.0 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](actions/labeler@634933e...f27b608) Updates `actions/github-script` from 8.0.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@ed59741...3a2844b) Updates `actions/dependency-review-action` from 4.9.0 to 5.0.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@2031cfc...a1d282b) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: step-security/paths-filter dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: mozilla-actions/sccache-action dependency-version: 0.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: step-security/rust-cache dependency-version: 2.9.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: step-security/docker-login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: step-security/docker-build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: step-security/action-semantic-pull-request dependency-version: 6.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: taiki-e/install-action dependency-version: 2.77.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.35.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/labeler dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added area/ci CI/CD area/deps Dependencies labels May 11, 2026

github-actions Bot added the area/config Configuration label May 11, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci(deps): bump the github-actions group across 1 directory with 14 updates#83

ci(deps): bump the github-actions group across 1 directory with 14 updates#83
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/workflows/github-actions-f6a8d9dc34

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 11, 2026

v2.19.1

What's Changed

New Contributors

v2.19.0

What's Changed

New Runner Support

Automated Incident Response for Supply Chain Attacks

Bug Fixes

v2.18.0

What's Changed

v2.17.0

What's Changed

Policy Store Support

v4.0.1

What's Changed

v0.0.10

What's Changed

New Contributors

v2.9.1

What's Changed

v2.8.4

What's Changed

New Contributors

v4.1.0

What's Changed

New Contributors

v7.1.0

What's Changed

New Contributors

v7.0.1

What's Changed

v6.1.2

What's Changed

2.77.5

2.77.4

2.77.3

2.77.2

2.77.1

2.77.0

Changelog

[Unreleased]

[2.77.5] - 2026-05-11

[2.77.4] - 2026-05-10

[2.77.3] - 2026-05-09

[2.77.2] - 2026-05-08

v4.35.4

v4.35.3

v4.35.2

CodeQL Action Changelog

[UNRELEASED]

4.35.4 - 07 May 2026

4.35.3 - 01 May 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants