[deps]: Update github-action minor

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
Swatinem/rust-cache	action	minor	v2.7.7 -> v2.8.2
actions/create-github-app-token	action	minor	v2.1.1 -> v2.2.1
actions/create-github-app-token	action	minor	v2.1.4 -> v2.2.1
actions/setup-node	action	minor	v6.0.0 -> v6.1.0
anchore/scan-action	action	minor	v7.0.0 -> v7.2.2
codecov/codecov-action	action	minor	v5.4.3 -> v5.5.2
docker/setup-buildx-action	action	minor	v3.10.0 -> v3.12.0
docker/setup-qemu-action	action	minor	v3.6.0 -> v3.7.0
dorny/test-reporter	action	minor	v2.1.0 -> v2.3.0
grafana/run-k6-action	action	minor	v1.2.0 -> v1.3.1
launchdarkly/find-code-references	action	minor	v2.13.0 -> v2.14.0
ncipollo/release-action	action	minor	v1.16.0 -> v1.20.0
sigstore/cosign-installer	action	minor	v3.8.2 -> v3.10.1

---

Release Notes

Swatinem/rust-cache (Swatinem/rust-cache)

v2.8.2

Compare Source

What's Changed

• ci: address lint findings, add zizmor workflow by @​woodruffw in #​262
• feat: Implement ability to disable adding job ID + rust environment hashes to cache names by @​Ryan-Brice in #​279
• Don't overwrite env for cargo-metadata call by @​MaeIsBad in #​285

New Contributors

• @​woodruffw made their first contribution in #​262
• @​Ryan-Brice made their first contribution in #​279
• @​MaeIsBad made their first contribution in #​285

Full Changelog: Swatinem/rust-cache@v2.8.1...v2.8.2

v2.8.1

Compare Source

What's Changed

• Set empty CARGO_ENCODED_RUSTFLAGS in workspace metadata retrieval by @​ark0f in #​249
• chore(deps): update dependencies by @​reneleonhardt in #​251
• chore: fix dependabot groups by @​reneleonhardt in #​253
• Bump the prd-patch group with 2 updates by @​dependabot[bot] in #​254
• chore(dependabot): regenerate and commit dist/ by @​reneleonhardt in #​257
• Bump @​types/node from 22.16.3 to 24.2.1 in the dev-major group by @​dependabot[bot] in #​255
• Bump typescript from 5.8.3 to 5.9.2 in the dev-minor group by @​dependabot[bot] in #​256
• Bump actions/setup-node from 4 to 5 in the actions group by @​dependabot[bot] in #​259
• Update README.md by @​Propfend in #​234
• Bump @​types/node from 24.2.1 to 24.3.0 in the dev-minor group by @​dependabot[bot] in #​258

New Contributors

• @​ark0f made their first contribution in #​249
• @​reneleonhardt made their first contribution in #​251
• @​dependabot[bot] made their first contribution in #​254
• @​Propfend made their first contribution in #​234

Full Changelog: Swatinem/rust-cache@v2...v2.8.1

v2.8.0

Compare Source

What's Changed

• Add cache-workspace-crates feature by @​jbransen in #​246
• Feat: support warpbuild cache provider by @​stegaBOB in #​247

New Contributors

• @​jbransen made their first contribution in #​246
• @​stegaBOB made their first contribution in #​247

Full Changelog: Swatinem/rust-cache@v2.7.8...v2.8.0

v2.7.8

Compare Source

What's Changed

• Include CPU arch in the cache key for arm64 Linux runners by @​rhysd in #​228

Full Changelog: Swatinem/rust-cache@v2.7.7...v2.7.8

actions/create-github-app-token (actions/create-github-app-token)

v2.2.1

Compare Source

Bug Fixes

• deps: bump the production-dependencies group with 2 updates (#​311) (b212e6a)

v2.2.0

Compare Source

Bug Fixes

• deps: bump glob from 10.4.5 to 10.5.0 (#​305) (5480f43)
• deps: bump p-retry from 6.2.1 to 7.1.0 (#​294) (dce3be8)
• deps: bump the production-dependencies group with 2 updates (#​292) (55e2a4b)

Features

• update permission inputs (#​296) (d90aa53)

v2.1.4

Compare Source

Bug Fixes

• deps: bump @​octokit/auth-app from 7.2.1 to 8.0.1 (#​257) (bef1eaf)

v2.1.3

Compare Source

Bug Fixes

• deps: bump undici from 7.8.0 to 7.10.0 in the production-dependencies group (#​254) (f3d5ec2)

v2.1.2

Compare Source

Bug Fixes

• deps: bump @​octokit/request from 9.2.3 to 10.0.2 (#​256) (5d7307b)

actions/setup-node (actions/setup-node)

v6.1.0

Compare Source

What's Changed

Enhancement:

• Remove always-auth configuration handling by @​priyagupta108 in #​1436

Dependency updates:

• Upgrade @​actions/cache from 4.0.3 to 4.1.0 by @​dependabot[bot] in #​1384
• Upgrade actions/checkout from 5 to 6 by @​dependabot[bot] in #​1439
• Upgrade js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in #​1435

Documentation update:

• Add example for restore-only cache in documentation by @​aparnajyothi-y in #​1419

Full Changelog: actions/setup-node@v6...v6.1.0

anchore/scan-action (anchore/scan-action)

v7.2.2

Compare Source

New in scan-action v7.2.2

• update Grype to v0.104.2 (#​557) [[anchore-actions-token-generator[bot]](https://github.com/anchore-actions-token-generator[bot])]
• bump glob from 10.4.5 to 10.5.0 (#​546) [[dependabot[bot]](https://github.com/dependabot[bot])]

v7.2.1

Compare Source

New in scan-action v7.2.1

• updated Grype to v0.104.1 (#​550) [[anchore-actions-token-generator[bot]](https://github.com/anchore-actions-token-generator[bot])]
• bump js-yaml from 3.14.1 to 3.14.2 (#​544) [[dependabot[bot]](https://github.com/dependabot[bot])]

v7.2.0

Compare Source

New in scan-action v7.2.0

• chore(deps): update Grype to v0.104.0 (#​541) [[anchore-actions-token-generator[bot]](https://github.com/anchore-actions-token-generator[bot])]
• chore(deps-dev): bump tar from 7.5.1 to 7.5.2 (#​538) [[dependabot[bot]](https://github.com/dependabot[bot])]
• chore(deps-dev): bump eslint from 9.38.0 to 9.39.0 (#​539) [[dependabot[bot]](https://github.com/dependabot[bot])]

v7.1.0

Compare Source

New in scan-action v7.1.0

• chore(deps): update Grype to v0.102.0 (#​536) [[anchore-actions-token-generator[bot]](https://github.com/anchore-actions-token-generator[bot])]
• chore(deps-dev): bump lint-staged from 16.2.5 to 16.2.6 (#​535) [[dependabot[bot]](https://github.com/dependabot[bot])]
• chore(deps-dev): bump eslint from 9.37.0 to 9.38.0 (#​533) [[dependabot[bot]](https://github.com/dependabot[bot])]
• chore(deps-dev): bump lint-staged from 16.2.4 to 16.2.5 (#​534) [[dependabot[bot]](https://github.com/dependabot[bot])]

v7.0.2

Compare Source

New in scan-action v7.0.2

• chore(deps): update Grype to v0.101.1 (#​532) [[anchore-actions-token-generator[bot]](https://github.com/anchore-actions-token-generator[bot])]

v7.0.1

Compare Source

scan-action v7.0.1

codecov/codecov-action (codecov/codecov-action)

v5.5.2

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

Compare Source

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in #​1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in #​1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in #​1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in #​1872
• docs: fix typo in README by @​datalater in #​1866
• Document a codecov-cli version reference example by @​webknjaz in #​1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in #​1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in #​1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

Compare Source

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in #​1864
• Pin actions/github-script by Git SHA by @​martincostello in #​1859
• fix: check reqs exist by @​joseph-sentry in #​1835
• fix: Typo in README by @​spalmurray in #​1838
• docs: Refine OIDC docs by @​spalmurray in #​1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in #​1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

docker/setup-buildx-action (docker/setup-buildx-action)

v3.12.0

Compare Source

• Deprecate install input by @​crazy-max in #​455
• Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0 in #​434
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​436
• Bump form-data from 2.5.1 to 2.5.5 in #​432
• Bump undici from 5.28.4 to 5.29.0 in #​435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

v3.11.1

Compare Source

• Fix keep-state not being respected by @​crazy-max in #​429

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Compare Source

• Keep BuildKit state support by @​crazy-max in #​427
• Remove aliases created when installing by default by @​hashhar in #​139
• Bump @​docker/actions-toolkit from 0.56.0 to 0.62.1 in #​422 #​425

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

docker/setup-qemu-action (docker/setup-qemu-action)

v3.7.0

Compare Source

• Bump @​docker/actions-toolkit from 0.56.0 to 0.67.0 in #​217 #​230
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​220
• Bump form-data from 2.5.1 to 2.5.5 in #​218
• Bump tmp from 0.2.3 to 0.2.4 in #​221
• Bump undici from 5.28.4 to 5.29.0 in #​219

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

dorny/test-reporter (dorny/test-reporter)

v2.3.0

Compare Source

What's Changed

• Fix short summary formatting when a report title is present by @​micmarc in #​645
• Python support based on Java JUnit parser by @​micmarc in #​643
• Update sax.js to fix large XML file parsing by @​phactum-mnestler in #​681
• Enhance pytest support by @​micmarc in #​683
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in #​687
• Add missing golang-json reporter to action.yml by @​jozefizso in #​690
• Bump js-yaml from 3.14.0 to 3.14.2 in /reports/jest by @​dependabot[bot] in #​685
• Complete documentation for all supported reporters by @​jozefizso in #​691
• Bump js-yaml and mocha in /reports/mocha by @​dependabot[bot] in #​682

New Contributors

• @​phactum-mnestler made their first contribution in #​681

Full Changelog: dorny/test-reporter@v2.2.0...v2.3.0

v2.2.0

Compare Source

v2.1.1

Compare Source

A bug fix release of the test-reporter action.

What's Changed

• Use if: '!cancelled()' by @​Vampire in #​576
• Update packages to latest minor releases by @​jozefizso in #​599
• Add step summary short summary by @​OlesGalatsan in #​589
• Return links to summary report by @​OlesGalatsan in #​588
• Add type definitions to github-utils.ts by @​jozefizso in #​604
• Configure markdown linting rules by @​jozefizso in #​605
• List only failed tests by @​jozefizso in #​606
• Add stack trace from trx to summary by @​dboriichuk in #​615
• Update development dependencies by @​jozefizso in #​628
• Fix error when a TestMethod element does not have a className attribute in a trx file by @​0xced in #​623
• test-reporter release v2.1.1 by @​jozefizso in #​638

New Contributors

• @​dboriichuk made their first contribution in #​615
• @​0xced made their first contribution in #​623

Full Changelog: dorny/test-reporter@v2.1.0...v2.1.1

grafana/run-k6-action (grafana/run-k6-action)

v1.3.1

Compare Source

What's Changed

• Persist credentials to move major tag by @​DefCon-007 in #​74
• Configure git username and email locally and not globally by @​DefCon-007 in #​75
• Use token in origin URL before pushing tag by @​DefCon-007 in #​76

Full Changelog: grafana/run-k6-action@v1.3.0...v1.3.1

v1.3.0

Compare Source

What's Changed

• Register Component into Software Catalog and set up TechDocs publishing by @​enghub-ops-integration[bot] in #​47
• Add CODEOWNERS file by @​DefCon-007 in #​50
• Fix zizmor issues by @​DefCon-007 in #​52
• Output testRunIds to GitHub workflow by @​steve-brady-jet in #​51
• Fix formatting issues by @​DefCon-007 in #​53
• chore: update missing with: for advanced examples by @​GVengelen in #​54
• fix: update cloud command by @​greyvugrin in #​43
• Fix formatting issues and workflow triggers for unit tests by @​DefCon-007 in #​56
• Replace github CI/CD secrets for Vault secrets by @​Lantero in #​57
• chore(deps): update dependency prettier to ^3.6.2 by @​renovate-sh-app[bot] in #​64
• chore(deps): update dependency eslint-import-resolver-typescript to ^3.10.1 by @​renovate-sh-app[bot] in #​63
• chore(deps): update grafana/shared-workflows/get-vault-secrets action to v1.3.0 by @​renovate-sh-app[bot] in #​66
• chore(deps): pin dependencies by @​renovate-sh-app[bot] in #​60
• chore(deps): update dependency @​types/semver to v7.7.1 by @​renovate-sh-app[bot] in #​69
• Define testRunIds output in action.yaml by @​dgzlopes in #​73

New Contributors

• @​enghub-ops-integration[bot] made their first contribution in #​47
• @​steve-brady-jet made their first contribution in #​51
• @​GVengelen made their first contribution in #​54
• @​greyvugrin made their first contribution in #​43
• @​Lantero made their first contribution in #​57
• @​renovate-sh-app[bot] made their first contribution in #​64

Full Changelog: grafana/run-k6-action@v1...v1.3.0

launchdarkly/find-code-references (launchdarkly/find-code-references)

v2.14.0

Compare Source

Added:

• --skipArchivedFlags option to instruct the tool to ignore any flag keys it finds from archived flags

Changed:

• replaced the stdlib regexp with go-re2 for improved regexp compilation and pattern matching
• now using caching to optimize file globbing and regex compilation
• move off of legacy olekukonko/tablewriter and onto v1.x
• updated to the latest version of the LaunchDarkly API

Fixed:

• subdirectory option now works with projects[*].dir configuration, and produces correct "View in source" links in the LD UI

ncipollo/release-action (ncipollo/release-action)

v1.20.0

Compare Source

What's Changed

• Fixes #​542 Add previous tag option by @​ncipollo in #​550

Full Changelog: ncipollo/release-action@v1...v1.20.0

v1.19.2

Compare Source

What's Changed

• Update immutableCreate's default in the documentation by @​bblanchon in #​547
• Fixes #​548 Add support body + generated release notes by @​ncipollo in #​549

New Contributors

• @​bblanchon made their first contribution in #​547

Full Changelog: ncipollo/release-action@v1...v1.19.2

v1.19.1

Compare Source

Defaults immutableCreate to false if it is omitted.

Full Changelog: ncipollo/release-action@v1.19.0...v1.19.1

v1.19.0

Compare Source

What's Changed

• Fixes #​540 Add support for immutable releases by @​ncipollo in #​544
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in #​541
• Bump glob from 11.0.2 to 11.0.3 by @​dependabot[bot] in #​534

Full Changelog: ncipollo/release-action@v1...v1.19.0

v1.18.0

Compare Source

• Fixes #​529 Collect asset URLs into output

Full Changelog: ncipollo/release-action@v1...v1.18.0

v1.17.0

Compare Source

What's Changed

• Bump ts-jest from 29.2.5 to 29.2.6 by @​dependabot in #​506
• Bump @​types/node from 22.13.4 to 22.13.8 by @​dependabot in #​505
• Bump @​octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @​dependabot in #​507
• Bump @​octokit/request from 8.1.6 to 8.4.1 by @​dependabot in #​508
• Fixes #​513 Don't generate release notes if omitBody is set by @​ncipollo in #​517
• Bump typescript from 5.7.3 to 5.8.3 by @​dependabot in #​518
• Bump ts-jest from 29.2.6 to 29.3.2 by @​dependabot in #​521
• Bump glob from 11.0.1 to 11.0.2 by @​dependabot in #​520
• Bump @​types/node from 22.13.8 to 22.15.3 by @​dependabot in #​519
• Bump ts-jest from 29.3.2 to 29.3.4 by @​dependabot in #​526
• Bump @​actions/github from 6.0.0 to 6.0.1 by @​dependabot in #​525
• Bump @​types/node from 22.15.18 to 22.15.29 by @​dependabot in #​524
• Fixes #​529 Add zip and tarball urls to output

Full Changelog: ncipollo/release-action@v1...v1.17.0

sigstore/cosign-installer (sigstore/cosign-installer)

v3.10.1

Compare Source

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

• Bump default Cosign to v2.6.1 (#​203)

v3.10.0

Compare Source

What's Changed

• Bump default Cosign to v2.6.0 in #​200

Full Changelog: sigstore/cosign-installer@v3.9.2...v3.10.0

v3.9.2

Compare Source

What's Changed

• not fail fast and setup permissions in #​195
• drop old unsupported versions <v2.0.0 in #​192
• Update default to v2.5.3 in #​196

Full Changelog: sigstore/cosign-installer@v3.9.1...v3.9.2

v3.9.1

Compare Source

What's Changed

• default action install to use release v2.5.1 by @​cpanato in #​193
• default cosign to v2.5.2 by @​cpanato in #​194

Full Changelog: sigstore/cosign-installer@v3.9.0...v3.9.1

v3.9.0

Compare Source

What's Changed

• Bump actions/setup-go from 5.4.0 to 5.5.0 by @​dependabot in #​189
• bump cosign install to use release v2.5.0 as default by @​cpanato in #​191

Full Changelog: sigstore/cosign-installer@v3...v3.9.0

---

Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.58%. Comparing base (fafc61d) to head (ebe337b).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6327      +/-   ##
==========================================
+ Coverage   54.72%   58.58%   +3.85%     
==========================================
  Files        1920     1920              
  Lines       85264    85264              
  Branches     7632     7632              
==========================================
+ Hits        46664    49954    +3290     
+ Misses      36828    33464    -3364     
- Partials     1772     1846      +74     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Checkmarx One – Scan Summary & Details – 1c342b08-fba2-47fe-9315-632d2dbc1d0e

New Issues (3)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Path_Traversal	/src/Api/Controllers/SelfHosted/SelfHostedOrganizationLicensesController.cs: 56	details Method at line 56 of /src/Api/Controllers/SelfHosted/SelfHostedOrganizationLicensesController.cs gets dynamic data from the model element. This ... ID: HwphbdG3YaZTdiMdREyc8GsPw%2Bw%3D Attack Vector
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1170	details Method at line 1170 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... ID: ydwqMeYmBkmGAeG%2FbyXCmFNSIz4%3D Attack Vector
	CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1060	details Method at line 1060 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... ID: NBqS3wtj%2BwcjukpYL1K2xj0Y2Fw%3D Attack Vector

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/Controllers/CollectionsController.cs: 208

[fntyler]

Reviewing as part of BRE-1364

[fntyler]

@michalchecinski is there any additional context around this PR?

[dereknance]

Platform changes look good 👍🏻