fix(deps): update github-actions (#175)

renovate[bot] · web-flow · commit 589293f977a5 · 2025-07-13T07:15:28.000+02:00
Signed-off-by: Renovate Bot &lt;bot@renovateapp.com&gt;
Co-authored-by: renovate[bot] &lt;29139614+renovate[bot]@users.noreply.github.com&gt;
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -43,7 +43,7 @@ jobs:
 
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
@@ -52,7 +52,7 @@ jobs:
 
             # Initializes the CodeQL tools for scanning.
             - name: "Initialize CodeQL"
-              uses: "github/codeql-action/init@39edc492dbe16b1465b0cafca41432d857bdb31a" # v3.29.1
+              uses: "github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b" # v3.29.2
               with:
                   languages: "${{ matrix.language }}"
                   # If you wish to specify custom queries, you can do so here or in a config file.
@@ -62,7 +62,7 @@ jobs:
             # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
             # If this step fails, then you should remove it and run the build manually (see below)
             - name: "Autobuild"
-              uses: "github/codeql-action/autobuild@39edc492dbe16b1465b0cafca41432d857bdb31a" # v3.29.1
+              uses: "github/codeql-action/autobuild@181d5eefc20863364f96762470ba6f862bdef56b" # v3.29.2
 
             # ℹ️ Command-line programs to run using the OS shell.
             # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -75,6 +75,6 @@ jobs:
             #   ./location_of_script_within_repo/buildscript.sh
 
             - name: "Perform CodeQL Analysis"
-              uses: "github/codeql-action/analyze@39edc492dbe16b1465b0cafca41432d857bdb31a" # v3.29.1
+              uses: "github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b" # v3.29.2
               with:
                   category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/comment-issue.yml b/.github/workflows/comment-issue.yml
@@ -16,7 +16,7 @@ jobs:
             issues: "write"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -21,7 +21,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -35,7 +35,7 @@ jobs:
             package_json_lintable: "${{ steps.changes.outputs.package_json_lintable }}"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
@@ -60,7 +60,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
@@ -112,7 +112,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
@@ -164,7 +164,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
@@ -216,7 +216,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
@@ -240,7 +240,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
@@ -265,7 +265,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
@@ -283,7 +283,7 @@ jobs:
             - name: "Use Node.js 20.x"
               uses: "actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020" # v4.4.0
               with:
-                  node-version: "20.x"
+                  node-version: "20.19.3"
                   cache: "pnpm"
 
             - name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies"
@@ -315,7 +315,7 @@ jobs:
             # If any jobs we depend on fail, we will fail since this is a required check
             # NOTE: A timeout is considered a failure
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
diff --git a/.github/workflows/lock-file-maintenance.yml b/.github/workflows/lock-file-maintenance.yml
@@ -21,7 +21,7 @@ jobs:
 
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
diff --git a/.github/workflows/preview-release.yaml b/.github/workflows/preview-release.yaml
@@ -26,7 +26,7 @@ jobs:
 
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
diff --git a/.github/workflows/require-allow-edits.yml b/.github/workflows/require-allow-edits.yml
@@ -16,7 +16,7 @@ jobs:
 
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -33,7 +33,7 @@ jobs:
 
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
@@ -73,6 +73,6 @@ jobs:
 
             # Upload the results to GitHub's code scanning dashboard.
             - name: "Upload to code-scanning"
-              uses: "github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a" # v3.29.1
+              uses: "github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b" # v3.29.2
               with:
                   sarif_file: "results.sarif"
diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml
@@ -23,7 +23,7 @@ jobs:
         name: "Semantic Pull Request"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml
@@ -28,12 +28,12 @@ jobs:
 
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
             - name: "Wait for tests to succeed"
-              uses: "lewagon/wait-on-check-action@ccfb013c15c8afb7bf2b7c028fb74dc5a068cccc" # v1.3.4
+              uses: "lewagon/wait-on-check-action@0dceb95e7c4cad8cc7422aee3885998f5cab9c79" # v1.4.0
               timeout-minutes: 20
               with:
                   ref: "${{ github.event.pull_request.head.sha || github.sha }}"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -32,7 +32,7 @@ jobs:
             codecov: "${{ steps.changes.outputs.codecov }}"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
@@ -72,7 +72,7 @@ jobs:
             NODE: "${{ matrix.node_version }}"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
@@ -128,7 +128,7 @@ jobs:
             NODE: "${{ matrix.node_version }}"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
@@ -206,7 +206,7 @@ jobs:
             # If any jobs we depend on fail, we will fail since this is a required check
             # NOTE: A timeout is considered a failure
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863" # v2.12.1
+              uses: "step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49" # v2.12.2
               with:
                   egress-policy: "audit"
 
