fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
alpine	final	patch	3.21.2 -> 3.21.3
codecov/codecov-action	action	minor	v5.3.0 -> v5.4.0
github.com/go-git/go-git/v5	require	minor	v5.13.2 -> v5.14.0
github.com/go-vela/sdk-go	require	patch	v0.26.0 -> v0.26.1
github.com/go-vela/server	require	patch	v0.26.0 -> v0.26.2
github.com/urfave/cli/v2	require	patch	v2.27.5 -> v2.27.6
github/codeql-action	action	patch	v3.28.4 -> v3.28.11

---

Release Notes

codecov/codecov-action (codecov/codecov-action)

v5.4.0

Compare Source

What's Changed

• update wrapper submodule to 0.2.0, add recurse_submodules arg by @​matt-codecov in https://github.com/codecov/codecov-action/pull/1780
• build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1775
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1776
• build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1777
• Clarify in README that use_pypi bypasses integrity checks too by @​webknjaz in https://github.com/codecov/codecov-action/pull/1773
• Fix use of safe.directory inside containers by @​Flamefire in https://github.com/codecov/codecov-action/pull/1768
• Fix description for report_type input by @​craigscott-crascit in https://github.com/codecov/codecov-action/pull/1770
• build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1765
• Fix a typo in the example by @​miranska in https://github.com/codecov/codecov-action/pull/1758
• build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1757
• build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1753

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0

v5.3.1

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.0..v5.3.1

go-git/go-git (github.com/go-git/go-git/v5)

v5.14.0

Compare Source

What's Changed

• v5: Bump Go and dependencies to mitigate GO-2025-3487 by @​pjbgf in https://github.com/go-git/go-git/pull/1436

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/crypto@v0.35.0 which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

go-vela/sdk-go (github.com/go-vela/sdk-go)

v0.26.1

Compare Source

What's Changed

• chore: bump server v0.26.2 by @​ecrupper in https://github.com/go-vela/sdk-go/pull/347
• chore(deps): update all non-major dependencies by @​renovate in https://github.com/go-vela/sdk-go/pull/346

Full Changelog: go-vela/sdk-go@v0.26.0...v0.26.1

go-vela/server (github.com/go-vela/server)

v0.26.2

Compare Source

What's Changed

• fix(compiler): surface template warnings and StringSliceMap YAML errors by @​ecrupper in https://github.com/go-vela/server/pull/1251
• fix(deployment): validate inputs in a case-insensitive manner by @​ecrupper in https://github.com/go-vela/server/pull/1258
• fix(yaml): bubble up rules struct unmarshal errors by @​ecrupper in https://github.com/go-vela/server/pull/1256
• fix(compiler): validate step naming conflicts by @​ecrupper in https://github.com/go-vela/server/pull/1257
• chore(deps): upgrade go-github to v69 by @​ecrupper in https://github.com/go-vela/server/pull/1259
• fix(deps): update all non-major dependencies by @​renovate in https://github.com/go-vela/server/pull/1253

Full Changelog: go-vela/server@v0.26.1...v0.26.2

v0.26.1

Compare Source

What's Changed

• fix(compiler): bust template cache on Duplicate by @​ecrupper in https://github.com/go-vela/server/pull/1249
• fix(compiler): treat top level anchors like nested anchors by @​ecrupper in https://github.com/go-vela/server/pull/1250
• fix(deps): update all non-major dependencies by @​renovate in https://github.com/go-vela/server/pull/1248

Full Changelog: go-vela/server@v0.26.0...v0.26.1

urfave/cli (github.com/urfave/cli/v2)

v2.27.6

Compare Source

What's Changed

• Use usage template in subcommand help by @​meatballhat in https://github.com/urfave/cli/pull/1986
• Docs: Update cli.yml by @​dearchap in https://github.com/urfave/cli/pull/2015
• Fix:(issue_2069) Add sep for string slice by @​dearchap in https://github.com/urfave/cli/pull/2070

Full Changelog: urfave/cli@v2.27.5...v2.27.6

github/codeql-action (github/codeql-action)

v3.28.11

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.11 - 07 Mar 2025

• Update default CodeQL bundle version to 2.20.6. #​2793

See the full CHANGELOG.md for more information.

v3.28.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.10 - 21 Feb 2025

• Update default CodeQL bundle version to 2.20.5. #​2772
• Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #​2768

See the full CHANGELOG.md for more information.

v3.28.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.9 - 07 Feb 2025

• Update default CodeQL bundle version to 2.20.4. #​2753

See the full CHANGELOG.md for more information.

v3.28.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.8 - 29 Jan 2025

• Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #​2744

See the full CHANGELOG.md for more information.

v3.28.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.7 - 29 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.6 - 27 Jan 2025

• Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #​2726

See the full CHANGELOG.md for more information.

v3.28.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.5 - 24 Jan 2025

• Update default CodeQL bundle version to 2.20.3. #​2717

See the full CHANGELOG.md for more information.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.93%. Comparing base (b29ebad) to head (c071524).
Report is 2 commits behind head on main.

❌ Your project status has failed because the head coverage (78.93%) is below the target coverage (90.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #594   +/-   ##
=======================================
  Coverage   78.93%   78.93%           
=======================================
  Files         172      172           
  Lines        7772     7772           
=======================================
  Hits         6135     6135           
  Misses       1401     1401           
  Partials      236      236           

🚀 New features to boost your workflow:

• ❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 15 additional dependencies were updated

Details:

Package	Change
github.com/Microsoft/go-winio	v0.6.1 -> v0.6.2
github.com/cloudflare/circl	v1.3.7 -> v1.6.0
github.com/cyphar/filepath-securejoin	v0.3.6 -> v0.4.1
github.com/golang/groupcache	v0.0.0-20210331224755-41bb18bfe9da -> v0.0.0-20241129210726-2c02b8208cf8
github.com/google/go-cmp	v0.6.0 -> v0.7.0
github.com/skeema/knownhosts	v1.3.0 -> v1.3.1
go.starlark.net	v0.0.0-20241226192728-8dfa5b98479f -> v0.0.0-20250205221240-492d3672b3f4
golang.org/x/crypto	v0.32.0 -> v0.35.0
golang.org/x/net	v0.34.0 -> v0.35.0
golang.org/x/oauth2	v0.25.0 -> v0.26.0
golang.org/x/sync	v0.10.0 -> v0.11.0
golang.org/x/sys	v0.29.0 -> v0.30.0
golang.org/x/term	v0.28.0 -> v0.29.0
golang.org/x/text	v0.21.0 -> v0.22.0
k8s.io/apimachinery	v0.32.1 -> v0.32.2