chore(deps): update all non-major dependencies

[renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/cache	action	patch	v4.2.0 -> v4.2.2
actions/setup-go	action	minor	v5.2.0 -> v5.3.0
cloud.google.com/go/functions	require	patch	v1.19.3 -> v1.19.4
github.com/google/go-cmp	require	minor	v0.6.0 -> v0.7.0
github/codeql-action	action	patch	v3.28.0 -> v3.28.11
ossf/scorecard-action	action	patch	v2.4.0 -> v2.4.1
step-security/harden-runner	action	minor	v2.10.2 -> v2.11.0

---

Release Notes

actions/cache (actions/cache)

v4.2.2

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

• Bump @​actions/cache to v4.0.2 by @​robherley in https://github.com/actions/cache/pull/1560

Full Changelog: actions/cache@v4.2.1...v4.2.2

v4.2.1

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

• docs: GitHub is spelled incorrectly in caching-strategies.md by @​janco-absa in https://github.com/actions/cache/pull/1526
• docs: Make the "always save prime numbers" example more clear by @​Tobbe in https://github.com/actions/cache/pull/1525
• Update force deletion docs due a recent deprecation by @​sebbalex in https://github.com/actions/cache/pull/1500
• Bump @​actions/cache to v4.0.1 by @​robherley in https://github.com/actions/cache/pull/1554

New Contributors

• @​janco-absa made their first contribution in https://github.com/actions/cache/pull/1526
• @​Tobbe made their first contribution in https://github.com/actions/cache/pull/1525
• @​sebbalex made their first contribution in https://github.com/actions/cache/pull/1500

Full Changelog: actions/cache@v4.2.0...v4.2.1

actions/setup-go (actions/setup-go)

v5.3.0

Compare Source

What's Changed

• Use the new cache service: upgrade @actions/cache to ^4.0.0 by @​Link- in https://github.com/actions/setup-go/pull/531
• Configure Dependabot settings by @​HarithaVattikuti in https://github.com/actions/setup-go/pull/530
• Document update - permission section by @​HarithaVattikuti in https://github.com/actions/setup-go/pull/533
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in https://github.com/actions/setup-go/pull/534

New Contributors

• @​Link- made their first contribution in https://github.com/actions/setup-go/pull/531

Full Changelog: actions/setup-go@v5...v5.3.0

google/go-cmp (github.com/google/go-cmp)

v0.7.0

Compare Source

New API:

• (#​367) Support compare functions with SortSlices and SortMaps

Panic messaging:

• (#​370) Detect proto.Message types when failing to export a field

github/codeql-action (github/codeql-action)

v3.28.11

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.11 - 07 Mar 2025

• Update default CodeQL bundle version to 2.20.6. #​2793

See the full CHANGELOG.md for more information.

v3.28.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.10 - 21 Feb 2025

• Update default CodeQL bundle version to 2.20.5. #​2772
• Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #​2768

See the full CHANGELOG.md for more information.

v3.28.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.9 - 07 Feb 2025

• Update default CodeQL bundle version to 2.20.4. #​2753

See the full CHANGELOG.md for more information.

v3.28.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.8 - 29 Jan 2025

• Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #​2744

See the full CHANGELOG.md for more information.

v3.28.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.7 - 29 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.6 - 27 Jan 2025

• Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #​2726

See the full CHANGELOG.md for more information.

v3.28.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.5 - 24 Jan 2025

• Update default CodeQL bundle version to 2.20.3. #​2717

See the full CHANGELOG.md for more information.

v3.28.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.4 - 23 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.3 - 22 Jan 2025

• Update default CodeQL bundle version to 2.20.2. #​2707
• Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #​2710
• Uploading debug artifacts for CodeQL analysis is temporarily disabled. #​2712

See the full CHANGELOG.md for more information.

v3.28.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.2 - 21 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.1 - 10 Jan 2025

• CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #​2677
• Update default CodeQL bundle version to 2.20.1. #​2678

See the full CHANGELOG.md for more information.

ossf/scorecard-action (ossf/scorecard-action)

v2.4.1

Compare Source

What's Changed

• This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the v5.1.0 and v5.1.1 release notes.
• Publishing results now uses half the API quota as before. The exact savings depends on the repository in question.
  • use Scorecard library entrypoint instead of Cobra hooking by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1423
• Some errors were made into annotations to make them more visible
  • Make default branch error more prominent by @​jsoref in https://github.com/ossf/scorecard-action/pull/1459
• There is now an optional file_mode input which controls how repository files are fetched from GitHub. The default is archive, but git produces the most accurate results for repositories with .gitattributes files at the cost of analysis speed.
  • add input for specifying --file-mode by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1509
• The underlying container for the action is now hosted on GitHub Container Registry. There should be no functional changes.
  • 🌱 publish docker images to GitHub Container Registry by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1453

Docs

• Installation docs update by @​JeremiahAHoward in https://github.com/ossf/scorecard-action/pull/1416

New Contributors

• @​JeremiahAHoward made their first contribution in https://github.com/ossf/scorecard-action/pull/1416
• @​jsoref made their first contribution in https://github.com/ossf/scorecard-action/pull/1459
  Full Changelog: ossf/scorecard-action@v2.4.0...v2.4.1

step-security/harden-runner (step-security/harden-runner)

v2.11.0

Compare Source

What's Changed

Release v2.11.0 in #​498
Harden-Runner Enterprise tier now supports the use of eBPF for DNS resolution and network call monitoring

Full Changelog: step-security/harden-runner@v2...v2.11.0

v2.10.4

Compare Source

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

v2.10.3

Compare Source

What's Changed

Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.

Full Changelog: step-security/harden-runner@v2...v2.10.3

---

Configuration

📅 Schedule: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[forking-renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.21 -> 1.24.1