ci(deps): bump the actions group with 3 updates by dependabot[bot] · Pull Request #21 · inferadb/control

dependabot · 2025-12-05T03:33:49Z

Bumps the actions group with 3 updates: step-security/harden-runner, actions/labeler and actions/stale.

Updates step-security/harden-runner from 2.12.0 to 2.13.3

Release notes

Sourced from step-security/harden-runner's releases.

v2.13.3

What's Changed

Fixed an issue where process events were not uploaded in certain edge cases.

Full Changelog: step-security/harden-runner@v2.13.2...v2.13.3

v2.13.2

What's Changed

Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.

Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.

Full Changelog: step-security/harden-runner@v2.13.1...v2.13.2

v2.13.1

What's Changed

Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.

Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.

Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.

Full Changelog: step-security/harden-runner@v2.13.0...v2.13.1

v2.13.0

What's Changed

Improved job markdown summary

Https monitoring for all domains (included with the enterprise tier)

Full Changelog: step-security/harden-runner@v2...v2.13.0

v2.12.2

What's Changed

Added HTTPS Monitoring for additional destinations - *.githubusercontent.com Bug fixes:

Implicitly allow local multicast, local unicast and broadcast IP addresses in block mode

Increased policy map size for block mode

Full Changelog: step-security/harden-runner@v2...v2.12.2

v2.12.1

What's Changed

Detection capabilities have been upgraded to better recognize attempts at runner tampering. These improvements are informed by real-world incident learnings, including analysis of anomalous behaviors observed in the tj-actions and reviewdog supply chain attack.

Resolved an issue where the block policy was not enforced correctly when the GitHub Actions job was running inside a container on a self-hosted VM runner.

Full Changelog: step-security/harden-runner@v2...v2.12.1

Commits

df199fb Merge pull request #620 from step-security/rc-29
03d096a update agent
4090107 fix: update agent
95d9a5d Merge pull request #606 from step-security/rc-28
87e429d Update limitations.md
ef891c3 feat: add support for custom vm image
1fa8c8a update agent
92c522a Merge pull request #593 from step-security/ak-readme-updates
4719ad5 README updates
4fde639 Merge pull request #591 from eromosele-stepsecurity/Upd
Additional commits viewable in compare view

Updates actions/labeler from 5.0.0 to 6.0.1

Release notes

Sourced from actions/labeler's releases.

v6.0.1

What's Changed

Upgrade publish-action from 0.2.2 to 0.4.0 by @aparnajyothi-y in actions/labeler#901

New Contributors

@aparnajyothi-y made their first contribution in actions/labeler#901

Full Changelog: actions/labeler@v6.0.0...v6.0.1

v6.0.0

What's Changed

Add workflow file for publishing releases to immutable action package by @jcambass in actions/labeler#802

Breaking Changes

Upgrade Node.js version to 24 in action and dependencies @salmanmkc in actions/labeler#891 Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. Release Notes

Dependency Upgrades

Upgrade eslint-config-prettier from 9.0.0 to 9.1.0 by @dependabot[bot] in actions/labeler#711

Upgrade eslint from 8.52.0 to 8.55.0 by @dependabot[bot] in actions/labeler#720

Upgrade @types/jest from 29.5.6 to 29.5.11 by @dependabot[bot] in actions/labeler#719

Upgrade @types/js-yaml from 4.0.8 to 4.0.9 by @dependabot[bot] in actions/labeler#718

Upgrade @typescript-eslint/parser from 6.9.0 to 6.14.0 by @dependabot[bot] in actions/labeler#717

Upgrade prettier from 3.0.3 to 3.1.1 by @dependabot[bot] in actions/labeler#726

Upgrade eslint from 8.55.0 to 8.56.0 by @dependabot[bot] in actions/labeler#725

Upgrade @typescript-eslint/parser from 6.14.0 to 6.19.0 by @dependabot[bot] in actions/labeler#745

Upgrade eslint-plugin-jest from 27.4.3 to 27.6.3 by @dependabot[bot] in actions/labeler#744

Upgrade @typescript-eslint/eslint-plugin from 6.9.0 to 6.20.0 by @dependabot[bot] in actions/labeler#750

Upgrade prettier from 3.1.1 to 3.2.5 by @dependabot[bot] in actions/labeler#752

Upgrade undici from 5.26.5 to 5.28.3 by @dependabot[bot] in actions/labeler#757

Upgrade braces from 3.0.2 to 3.0.3 by @dependabot[bot] in actions/labeler#789

Upgrade minimatch from 9.0.3 to 10.0.1 by @dependabot[bot] in actions/labeler#805

Upgrade @actions/core from 1.10.1 to 1.11.1 by @dependabot[bot] in actions/labeler#811

Upgrade typescript from 5.4.3 to 5.7.2 by @dependabot[bot] in actions/labeler#819

Upgrade @typescript-eslint/parser from 7.3.1 to 8.17.0 by @dependabot[bot] in actions/labeler#824

Upgrade prettier from 3.2.5 to 3.4.2 by @dependabot[bot] in actions/labeler#825

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in actions/labeler#827

Upgrade eslint-plugin-jest from 27.9.0 to 28.9.0 by @dependabot[bot] in actions/labeler#832

Upgrade ts-jest from 29.1.2 to 29.2.5 by @dependabot[bot] in actions/labeler#831

Upgrade @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot[bot] in actions/labeler#830

Upgrade typescript from 5.7.2 to 5.7.3 by @dependabot[bot] in actions/labeler#835

Upgrade eslint-plugin-jest from 28.9.0 to 28.11.0 by @dependabot[bot] in actions/labeler#839

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot[bot] in actions/labeler#842

Upgrade @octokit/request-error from 5.0.1 to 5.1.1 by @dependabot[bot] in actions/labeler#846

Documentation changes

Add note regarding pull_request_target to README.md by @silverwind in actions/labeler#669

Update readme with additional examples and important note about pull_request_target event by @IvanZosimov in actions/labeler#721

Document update - permission section by @harithavattikuti in actions/labeler#840

... (truncated)

Commits

634933e publish-action upgrade to 0.4.0 from 0.2.2 (#901)
f1a63e8 Update Node.js version to 24 in action and dependencies (#891)
b0a1180 Bump @octokit/request-error from 5.0.1 to 5.1.1 (#846)
110d441 Update README.md (#871)
bee50fe Bump undici from 5.28.4 to 5.28.5 (#842)
6463cdb Bump eslint-plugin-jest from 28.9.0 to 28.11.0 (#839)
c209686 Bump typescript from 5.7.2 to 5.7.3 (#835)
5184940 Bump @vercel/ncc from 0.38.1 to 0.38.3 (#830)
3629d55 Document update - permission section (#840)
d24f7f3 Bump ts-jest from 29.1.2 to 29.2.5 (#831)
Additional commits viewable in compare view

Updates actions/stale from 9.1.0 to 10.1.1

Release notes

Sourced from actions/stale's releases.

v10.1.1

What's Changed

Bug Fix

Add Missing Input Reading for only-issue-types by @Bibo-Joshi in actions/stale#1298

Improvement

Improves error handling when rate limiting is disabled on GHES. by @chiranjib-swain in actions/stale#1300

Dependency Upgrades

Upgrade eslint-config-prettier from 8.10.0 to 10.1.8 by @dependabot in actions/stale#1276

Upgrade @types/node from 20.10.3 to 24.2.0 and document breaking changes in v10 by @dependabot in actions/stale#1280

Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot in actions/stale#1291

Upgrade actions/checkout from 4 to 6 by @dependabot in actions/stale#1306

New Contributors

@chiranjib-swain made their first contribution in actions/stale#1300

Full Changelog: actions/stale@v10...v10.1.1

v10.1.0

What's Changed

Add only-issue-types option to filter issues by type by @Bibo-Joshi in actions/stale#1255

New Contributors

@Bibo-Joshi made their first contribution in actions/stale#1255

Full Changelog: actions/stale@v10...v10.1.0

v10.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/stale#1279 Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. Release Notes

Enhancement

Introducing sort-by option by @suyashgaonkar in actions/stale#1254

Dependency Upgrades

Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot[bot] in actions/stale#1186

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot[bot] in actions/stale#1201

Upgrade @action/cache from 4.0.0 to 4.0.2 by @aparnajyothi-y in actions/stale#1226

Upgrade @action/cache from 4.0.2 to 4.0.3 by @suyashgaonkar in actions/stale#1233

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/stale#1251

Upgrade form-data to bring in fix for critical vulnerability by @gowridurgad in actions/stale#1277

Documentation changes

Changelog update for recent releases by @suyashgaonkar in actions/stale#1224

Permissions update in Readme by @ghadimir in actions/stale#1248

... (truncated)

Commits

9971854 build(deps): bump actions/checkout from 4 to 6 (#1306)
5611b9d build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (#1291)
fad0de8 Improves error handling when rate limiting is disabled on GHES. (#1300)
39bea7d Add Missing Input Reading for only-issue-types (#1298)
e46bbab build(deps-dev): bump @types/node from 20.10.3 to 24.2.0 and document breakin...
65d1d48 build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (#1276)
5f858e3 Add only-issue-types option to filter issues by type (#1255)
3a9db7e Upgrade to node 24 (#1279)
8f717f0 Bumps form-data (#1277)
a92fd57 build(deps): bump undici from 5.28.5 to 5.29.0 (#1251)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [actions/labeler](https://github.com/actions/labeler) and [actions/stale](https://github.com/actions/stale). Updates `step-security/harden-runner` from 2.12.0 to 2.13.3 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@v2.12.0...df199fb) Updates `actions/labeler` from 5.0.0 to 6.0.1 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](actions/labeler@8558fd7...634933e) Updates `actions/stale` from 9.1.0 to 10.1.1 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@5bef64f...9971854) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.13.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/labeler dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/stale dependency-version: 10.1.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added area/ci CI/CD dependencies labels Dec 5, 2025

github-actions bot added area/config Configuration repo/management labels Dec 5, 2025

evansims removed the repo/management label Dec 5, 2025

evansims approved these changes Dec 5, 2025

View reviewed changes

evansims merged commit eed6d31 into main Dec 5, 2025
12 checks passed

evansims deleted the dependabot/github_actions/actions-76f2799f44 branch December 5, 2025 04:40

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci(deps): bump the actions group with 3 updates#21

ci(deps): bump the actions group with 3 updates#21
evansims merged 1 commit intomainfrom
dependabot/github_actions/actions-76f2799f44

dependabot bot commented on behalf of github Dec 5, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Dec 5, 2025

v2.13.3

What's Changed

v2.13.2

What's Changed

v2.13.1

What's Changed

v2.13.0

What's Changed

v2.12.2

What's Changed

v2.12.1

What's Changed

v6.0.1

What's Changed

New Contributors

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Documentation changes

v10.1.1

What's Changed

Bug Fix

Improvement

Dependency Upgrades

New Contributors

v10.1.0

What's Changed

New Contributors

v10.0.0

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant