Update all dependencies#1

Merged

sbtaylor15 merged 1 commit intomainfrom

Jan 26, 2026

Contributor

renovate bot commented Jan 26, 2026

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/checkout	action	patch	`v6.0.1` → `v6.0.2`
github.com/google/go-github/v69	require	major	`v69.2.0` → `v81.0.0`
github/codeql-action	action	minor	`v4.31.9` → `v4.32.0`
ortelius/workflow-toolkit	action	digest	`a111f83` → `cb89491`
oxsecurity/megalinter	action	digest	`43fe744` → `249990a`
peter-evans/create-pull-request (changelog)	action	digest	`98357b1` → `c0f553f`
step-security/harden-runner	action	patch	`v2.14.0` → `v2.14.1`

Release Notes

actions/checkout (actions/checkout)

`v6.0.2`

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in #2356

google/go-github (github.com/google/go-github/v69)

`v81.0.0`

This release contains the following breaking API changes:

fix!: Change Org usage report Quantity to float64 (#3862)
BREAKING CHANGE: UsageItem.Quantity is now type float64.
chore!: Remove PullRequestRuleParameters.AutomaticCopilotCodeReviewEnabled field (#3866)
BREAKING CHANGE: PullRequestRuleParameters.AutomaticCopilotCodeReviewEnabled is now removed.
feat!: Implement Enterprise SCIM - Provision Groups & Users (#3852)
BREAKING CHANGE: SCIMEnterpriseDisplayReference.Ref is now of type *string.
fix!: Change copilot_code_review field names to match GitHub API (#3874)
BREAKING CHANGE: CopilotCodeReviewRuleParameters.ReviewNewPushes is now ReviewOnPush.
fix!: Add support for missing attributes in ProjectsV2 API (#3888)
BREAKING CHANGE: AddProjectItemOptions fields have changed types.
feat!: Use omitzero for BypassActors to support handling empty arrays (#3891)
BREAKING CHANGE: UpdateRepositoryRulesetClearBypassActor, UpdateRepositoryRulesetClearBypassActor, UpdateRulesetClearBypassActor, and UpdateRulesetNoBypassActor have been removed as they are no longer needed.

...and the following additional changes:

Bump go-github from v79 to v80 in /scrape (#3855)
feat: Add support for Enterprise Team APIs (#3861)
feat: Implement Enterprise SCIM - Set Groups or Users (#3858)
build(deps): Bump golang.org/x/term from 0.37.0 to 0.38.0 in /example (#3865)
build(deps): Bump golang.org/x/sync from 0.18.0 to 0.19.0 in /tools (#3864)
build(deps): Bump actions/checkout from 6.0.0 to 6.0.1 in the actions group (#3863)
feat: Add advanced_search parameter to SearchOptions (#3868)
feat: Implement Enterprise SCIM - Delete Groups or Users (#3856)
feat: Add support for copilot_code_review rule type (#3857)
feat: Add support for Enterprise Team Members APIs (#3873)
chore: Simplify JSON marshaling for RepositoryRulesetRules (#3875)
feat: Add support for Enterprise Team Organizations APIs (#3876)
docs: Clarify CreateTree semantics and TreeEntry usage (#3877)
docs: Reformulate deprecation notice for Commits field in PushEvent (#3880)
build(deps): Bump actions/cache from 4.3.0 to 5.0.1 in the actions group (#3883)
build(deps): Bump golang.org/x/net from 0.47.0 to 0.48.0 in /scrape (#3882)
build(deps): Bump codecov/codecov-action from 5.5.1 to 5.5.2 (#3884)
build(deps): Bump golang.org/x/crypto from 0.45.0 to 0.46.0 in /example (#3885)
chore: Rename 'opt' to 'opts' in multiple methods (#3887)
feat: Add support for remaining Codespaces APIs (#3886)
feat: Handle omitzero in structfield linter (#3881)
feat: Implement Enterprise SCIM - Get a Group or User (#3889)
feat: Add support for Codespace Machines APIs (#3890)
feat: Add support for URL custom property value type (#3879)
feat: Add UploadReleaseAssetFromRelease convenience helper (#3851)
Update openapi_operations.yaml (#3895)
feat: Add support for Codespaces organizations APIs (#3892)
feat: Add support for Copilot usage metrics reports API (#3893)
feat: GetSignaturesProtectedBranch returns ErrBranchNotProtected when branch is not protected (#3896)
Bump version of go-github to v81.0.0 (#3899)

`v80.0.0`

This release contains the following breaking API changes:

feat!: Implement Enterprise SCIM - EnterpriseService.ListProvisionedSCIMUsers (#3839)
BREAKING CHANGE: ListProvisionedSCIMGroupsEnterpriseOptions optional fields are now pointers.

...and the following additional changes:

Bump go-github from v78 to v79 in /scrape (#3828)
build(deps): Bump github.com/PuerkitoBio/goquery from 1.10.3 to 1.11.0 in /scrape (#3833)
build(deps): Bump actions/checkout from 5.0.0 to 5.0.1 in the actions group (#3834)
build(deps): Bump golang.org/x/crypto from 0.43.0 to 0.44.0 in /example (#3835)
build(deps): Bump github.com/alecthomas/kong from 1.12.1 to 1.13.0 in /tools (#3837)
feat: Add support for Enterprise GitHub App Installation APIs (#3830)
Add ParentIssueURL field to Issue struct (#3841)
build(deps): Bump golang.org/x/crypto from 0.44.0 to 0.45.0 in /example (#3842)
build(deps): Bump the actions group with 2 updates (#3844)
Add custom structfield linter to check struct field names and tags (#3843)
feat: Add Credentials Revoke API (#3847)
docs: Improve displaying GitHub API links on pkg.go.dev (#3845)
feat: Add GitHub Enterprise App installation repository management APIs (#3831)
feat: Implement Enterprise SCIM - Update Group & User attributes (#3848)
chore: Update golangci-lint to v2.7.0 (#3853)
feat: Add repository target to ruleset (#3850)
Bump version of go-github to v80.0.0 (#3854)

`v79.0.0`

This release contains the following breaking API changes:

fix!: Fix field selection and bugs in ProjectsV2 GET endpoints (#3809)
BREAKING CHANGE: UpdateProjectItemOptions.Field is now []*ProjectV2FieldUpdate.
feat!: Add enterprise security configurations, update API fields (#3812)
BREAKING CHANGES: Several OrganizationsService methods have been renamed for better consistency.
feat!: Implement Enterprise SCIM - EnterpriseService.ListProvisionedSCIMGroups (#3814)
BREAKING CHANGE: SCIMService.ListSCIMProvisionedGroupsForEnterprise is now EnterpriseService.ListProvisionedSCIMEnterpriseGroups.

...and the following additional changes:

Bump go-github from v77 to v78 in /scrape (#3816)
chore: Enable 'modernize'; bump golangci-lint to v2.6.1 (#3817)
feat: Add required_reviewers support to PullRequestRuleParameters (#3806)
Add support for new custom properties for orgs APIs (#3804)
build(deps): Bump golang.org/x/sync from 0.17.0 to 0.18.0 in /tools (#3819)
chore: Enable nolintlint linter (#3821)
fix: Remove custom Accept headers from search endpoints (#3820)
Return back preview headers for search; remove TODOs for custom headers (#3824)
feat: Add hosted runners URL and network configuration ID to runner group models (#3825)
Update jsonfieldname linter to support $ in json tag names (#3826)
Bump version of go-github to v79.0.0 (#3827)

`v78.0.0`

This release contains the following breaking API changes:

feat!: Address post-merge enterprise billing cost center review (#3805)
BREAKING CHANGES: Various EnterpriseService structs have been renamed for consistency.

...and the following additional changes:

Bump go-github from v76 to v77 in /scrape (#3801)
chore: Update openapi_operations.yaml (#3802)
feat: Add support for enterprise billing cost centers API (#3803)
feat: Add sha_pinning_required to ActionsPermissions structs (#3807)
Bump version of go-github to v78.0.0 (#3815)

`v77.0.0`

This release contains the following breaking API changes:

refactor!: Remove pointer from required field of CreateStatus API (#3794)
BREAKING CHANGE: RepositoriesService.CreateStatus now takes value for status, not pointer.
feat!: Add support for project items CRUD and project fields read operations (#3793)
BREAKING CHANGES:
- ProjectV2Field.Options changed from []any to []*ProjectV2FieldOption.
- ProjectV2Field.URL is now ProjectV2Field.ProjectURL
- Optional fields in various ProjectV2 structs are now passed as pointers
- Aligns ProjectsService functions with #3761
- Almost all methods have been renamed

...and the following additional changes:

Bump go-github from v75 to v76 in /scrape (#3783)
Add custom jsonfieldname linter to ensure Go field name matches JSON tag name (#3757)
chore: Fix typo in comment (#3786)
feat: Add support for private registries endpoints (#3785)
Only set Authorization when token is available (#3789)
test: Ensure Authorization is not set with empty token (#3790)
Fix spelling issues (#3792)
Add test cases for JSON resource marshaling - SCIM (#3798)
fix: Org/Enterprise UpdateRepositoryRulesetClearBypassActor sends empty array (#3796)
Bump version of go-github to v77.0.0 (#3800)

`v76.0.0`

This release contains the following breaking API changes:

chore!: Remove ActionsBilling endpoints for User and Organization (#3701)
BREAKING CHANGE: ActionsBilling endpoints are removed.
fix!: Return RepositoryAttachment from GetRepositoriesForCodeSecurityConfiguration (#3707)
BREAKING CHANGE: GetRepositoriesForCodeSecurityConfiguration now returns RepositoryAttachment instead of Repository.
refactor!: Replace Edit with Update in permissions method names (#3731)
BREAKING CHANGE: Permissions-related methods are renamed from Edit* to Update*.
fix!: Change return type of GetDefaultCodeSecurityConfigurations (#3747)
BREAKING CHANGE: GetDefaultCodeSecurityConfigurations now returns CodeSecurityConfigurationWithDefaultForNewRepos instead of CodeSecurityConfiguration.
refactor!: Adjust function names and field types for billing API (#3770)
BREAKING CHANGE: Billing-related methods are renamed to pattern, and required fields are changed to value types.

...and the following additional changes:

Bump go-github from v74 to v75 in /scrape (#3724)
feat: Add ClientID to Installation (#3712)
feat: Add some GitHub Classroom API endpoints (#3690)
chore: Replace http.Method* constants with string literals (#3696)
fix: Repositories.UpdateRulesetClearBypassActor sets BypassActors to empty slice (#3727)
test: Ensure bypass_actors serializes as an empty array when clearing ruleset bypass actors (#3734)
Add reason field to PullRequestEvent (#3730)
chore: Update openapi_operations.yaml (#3735)
Update CONTRIBUTING.md (#3736)
feat: Support roles field in SCIM (#3728)
chore: Ignore hidden .claude settings folder (#3738)
feat: Add ListAcceptedAssignments and GetAssignmentGrades methods to Classroom API (#3732)
feat: Add immutable releases support (#3725)
build(deps): Bump actions/cache from 4.2.4 to 4.3.0 in the actions group (#3742)
refactor: Use errors package to compare and assert error types (#3739)
ci: Add errorlint configuration to golangci-lint settings (#3743)
docs: Update code snippets to use errors package for type assertions (#3746)
Update openapi_operations.yaml (#3749)
test: Use t.Context() instead of context.Background() (#3750)
chore: Add zyfy29 to REVIEWERS (#3753)
Prefer %v over %d,%s and add fmtpercentv custom linter (#3756)
test: Simplify the function that skips integration tests (#3752)
test: Fix issues in TestSecretScanningService tests (#3760)
refactor: Simplify for range loops (#3762)
chore(ci): Add example dir to dependabot config (#3764)
fix: Correct body in EnterpriseService.InitialConfig (#3763)
feat: Add premium request usage report endpoints for organizations and users (#3751)
feat: Add two new Secret Scanning API endpoints (#3687)
build(deps): Bump github.com/ProtonMail/go-crypto from 0.0.0-20230828082145-3c4c8a2d2371 to 1.3.0 in /example (#3765)
build(deps): Bump golang.org/x/crypto from 0.36.0 to 0.42.0 in /example (#3766)
build(deps): Bump github.com/gofri/go-github-pagination from 1.0.0 to 1.0.1 in /example (#3767)
Update openapi_operations.yaml (#3772)
feat: Add fork PR workflows permission API support (#3737)
Add support for organization Immutable Releases API (#3774)
feat: Add enterprise license endpoints (#3755)
build(deps): Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.0.4 to 2.17.0 in /example (#3776)
build(deps): Bump golang.org/x/net from 0.44.0 to 0.46.0 in /scrape (#3777)
build(deps): Bump golang.org/x/crypto from 0.42.0 to 0.43.0 in /example (#3778)
Add ProjectsService (#3718)
Fix breakages caused by merge (#3781)
Bump version of go-github to v76.0.0 (#3782)

`v75.0.0`

This release contains the following breaking API changes:

refactor!: Change GitService methods to pass required params by-value instead of by-ref (#3654)
BREAKING CHANGE: GitService methods now pass required params by-value instead of by-ref.

...and the following additional changes:

Bump go-github from v73 to v74 in /scrape (#3639)
Add the metadata field to create DependencyGraphSnapshot (#3640)
Bump golangci-lint to 2.3.0 (#3641)
Add additional settings fields to org API (#3642)
docs: Extend the description of ref parameters (#3643)
fix: Add validation for nil inputs in various services (#3636)
Add location info to SecretScanningAlert (#3645)
docs: Update links to use the latest version of GitHub documentation (#3648)
Add FieldValue field to ProjectV2ItemChange event. (#3650)
Add Metadata field to DependencyGraph* structs (#3653)
refactor: Fix gocritic.paramTypeCombine lint issues (#3655)
chore: Show correct path when example has lint errors (#3656)
Add Social Accounts API (#3647)
feat: Implement List Repository Activities endpoint (#3651)
docs: Use secure URLs in string literals (#3657)
feat: Update openapi (#3662)
feat: Add artifact and log retention period API support (#3664)
Document upcoming changes to events payload (#3667)
build(deps): Bump the actions group with 2 updates (#3670)
build(deps): Bump golang.org/x/net from 0.42.0 to 0.43.0 in /scrape (#3669)
fix: Replace 'organizations' with 'orgs' in API endpoints (#3673)
Update AUTHORS (#3674)
feat: Add secret scanning push protection pattern configurations API (#3672)
feat: Add self-hosted runner permission API support (#3675)
chore: Do not force Go 1.22.0 as toolchain version (#3678)
feat: Add GitHub Classroom GetAssignment API endpoint (#3685)
chore: Add new lint rule to make sure exported names documented (#3682)
chore: Enable gocritic.deprecatedComment check (#3688)
chore: Format code with gofumpt (#3689)
feat: Add private repo workflows permission API support (#3679)
chore: Replace reflect.DeepEqual with cmp.Equal in tests (#3691)
docs: Update CONTRIBUTING.md to clarify documentation requirements for exported types (#3693)
build(deps): Bump github.com/getkin/kin-openapi from 0.132.0 to 0.133.0 in /tools (#3698)
build(deps): Bump actions/setup-go from 5.5.0 to 6.0.0 in the actions group (#3709)
build(deps): Bump codecov/codecov-action from 5.4.3 to 5.5.1 (#3711)
build(deps): Bump golang.org/x/net from 0.43.0 to 0.44.0 in /scrape (#3716)
Add exempt as bypass mode to ruleset bypass actors (#3719)
Bump Go toolchain to 1.24 (#3721)
Bump golang.org/x/sync from 0.16.0 to 0.17.0 in /tools (#3722)
Bump version of go-github to v75.0.0 (#3723)

`v74.0.0`

This release contains the following breaking API changes:

fix!: Add ListSCIMProvisionedGroupsForEnterpriseOptions (#3601)
BREAKING CHANGE: ListSCIMProvisionedGroupsForEnterprise now takes ListSCIMProvisionedGroupsForEnterpriseOptions instead of *ListSCIMProvisionedIdentitiesOptions.
fix!: Change ListCheckSuiteOptions.AppID from int to int64 (#3633)
BREAKING CHANGE: Change ListCheckSuiteOptions.AppID from int to int64

...and the following additional changes:

Bump go-github from v72 to v73 in /scrape (#3600)
refactor: Simplify error handling in JSON decoding in tests (#3602)
refactor: fix revive.unused-parameter lint issues (#3603)
chore: Correct typos in comments and tests error messages (#3604)
feat: Add organization migration options (#3606)
feat: Add new enhanced billing endpoints (#3605)
docs: Update HTTP cache references to RFC 9111 compliant implementation (#3608)
fix: Remove custom Accept in Apps.ListRepos and Apps.ListUserRepos (#3609)
fix: Change UsageItem.Quantity from int to float64 (#3610)
fix: Fix broken URL for SubIssueService.Remove endpoint (#3613)
feat: Add DisableRateLimitCheck option to client (#3607)
build(deps): bump github.com/alecthomas/kong from 1.11.0 to 1.12.0 in /tools (#3614)
chore: Fix some minor issues in the comments (#3615)
fix: Handle null assignee in Copilot Seat Billing API response (#3619)
fix: Add ProtectionURL field to Repositories.ListBranches response (#3618)
feat: Add digest field to Artifact (#3621)
fix: Add missing require_last_push_approval field to branch protection rule event structs (#3623)
build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 in /tools (#3624)
build(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 in /scrape (#3625)
feat: Add the Digest field to ReleaseAsset (#3628)
refactor: Fix revive.unnecessary-format lint issues (#3629)
build(deps): bump github.com/alecthomas/kong from 1.12.0 to 1.12.1 in /tools (#3632)
docs: Extend RepositoryContentGetOptions description (#3637)
Bump version of go-github to v74.0.0 (#3638)

`v73.0.0`

This release contains the following breaking API changes:

feat!: Add repository query option to ListCustomPropertyValues (#3598)
BREAKING CHANGE: ListCustomPropertyValues now takes ListCustomPropertyValuesOptions instead of ListOptions.

...and the following additional changes:

Bump go-github from v71 to v72 in /scrape (#3572)
Update OpenAPI (#3574)
Improve DownloadContents and DownloadContentsWithMeta methods (#3573)
build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 in the actions group (#3575)
build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0 in /scrape (#3576)
build(deps): bump github.com/alecthomas/kong from 1.10.0 to 1.11.0 in /tools (#3578)
build(deps): bump codecov/codecov-action from 5.4.0 to 5.4.3 (#3579)
feat: Add support for sub-issue (#3580)
fix: Add missing relationship and pkg external info for SBOMs (#3582)
chore: Use any instead of interface{} (#3584)
chore: Migrate golangci-lint to v2 (#3587)
chore: Add alexandear to REVIEWERS (#3588)
docs: Update minimum Go version in README to 1.23 (#3589)
fix: Use stable media type in Starring API (#3590)
docs: Use pkgsite links (#3591)
build(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 in /scrape (#3593)
build(deps): bump golang.org/x/sync from 0.14.0 to 0.15.0 in /tools (#3594)
build(deps): bump github.com/cloudflare/circl from 1.3.7 to 1.6.1 in /example (#3595)
Bump version of go-github to v73.0.0 (#3599)

`v72.0.0`

This release contains the following breaking API changes:

chore!: Remove support for Required Workflows (#3538)
fix!: Differentiate merge method of pull request and merge queue (#3559)
BREAKING CHANGE: MergeMethod* consts have been split into: PullRequestMergeMethod* and MergeQueueMergeMethod*.
feat!: Add support for pagination options in rules API methods (#3562)
BREAKING CHANGE: GetRulesForBranch, GetAllRulesets, and GetAllRepositoryRulesets now accept opts.

...and the following additional changes:

Bump go-github from v70 to v71 in /scrape (#3541)
build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /scrape (#3536)
build(deps): bump github.com/alecthomas/kong from 1.9.0 to 1.10.0 in /tools (#3542)
build(deps): bump golang.org/x/sync from 0.12.0 to 0.13.0 in /tools (#3543)
Add support for registry_package event (#3545)
build(deps): bump codecov/codecov-action from 5.4.0 to 5.4.2 (#3551)
build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 in /scrape (#3549)
build(deps): bump github.com/PuerkitoBio/goquery from 1.10.2 to 1.10.3 in /scrape (#3550)
feat: Add EPSS to Dependabot alerts (#3547)
Revert "build(deps): bump codecov/codecov-action from 5.4.0 to 5.4.2" (#3552)
feat: Add new fields and options to secret scanning structs (#3548)
build(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 in /example in the go_modules group across 1 directory (#3553)
Add case-instensitive GetHeader for HookRequest & HookResponse (#3556)
Add issue Type to IssueRequest (#3567)
build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 in /tools (#3568)
build(deps): bump github.com/getkin/kin-openapi from 0.131.0 to 0.132.0 in /tools (#3569)
Add ListCursorOptions to list Issues methods (#3570)
Bump version of go-github to v72.0.0 (#3571)

`v71.0.0`

This release contains the following breaking API changes:

feat!: Add ListReactionOptions to all ListxxReactions functions to enable filter by content (#3532)
BREAKING CHANGE: ListCommentReactionOptions => ListReactionOptions and all List*Reactions methods now use it.

...and the following additional changes:

Bump go-github from v69 to v70 in /scrape (#3521)
Path escape fix in UserService.GetPackage() (#3522)
Update openapi (#3526)
feat: Add support for Issue Types API (#3525)
build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 in /example (#3528)
build(deps): bump the actions group with 2 updates (#3530)
build(deps): bump github.com/getkin/kin-openapi from 0.130.0 to 0.131.0 in /tools (#3531)
Add ListReleaseReactions and DeleteReleaseReaction (#3533)
feat: Add actions_macos field to APIMeta struct (#3535)
fix: Isolate HTTP transports in parallel tests to prevent connection issues (#3529)
chore: Remove redundant in Go 1.22 loop variables (#3537)
fix: Add back repository field in Package struct (#3539)
Bump version of go-github to v71.0.0 (#3540)

`v70.0.0`

This release contains the following breaking API changes:

feat!: Add support for network-configurations endpoints for organization (#3511)
BREAKING CHANGE: EnterpriseNetwork* structs have been replaced with Network* structs.
refactor!: Update package types to align with webhook event (#3515)
BREAKING CHANGE: PackageVersion.Body and PackageVersion.Metadata are both now json.RawMessage.

...and the following additional changes:

build(deps): bump github.com/alecthomas/kong from 1.8.0 to 1.8.1 in /tools (#3485)
build(deps): bump github.com/google/go-github/v69 from 69.0.0 to 69.2.0 in /scrape (#3483)
build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 in /tools (#3490)
Bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#3494)
build(deps): bump actions/cache from 4.2.0 to 4.2.1 in the actions group (#3492)
fix: Resolve '400 Custom domains' error on GitHub Enterprise Server (#3489)
Correct the runIDFromURLRE regex to properly match the callbackURL (#3495)
feat: Add support for GitHub-hosted runner API endpoints (#3487)
feat: Add support for network-configurations endpoints (#3497)
build(deps): bump codecov/codecov-action from 5.3.1 to 5.4.0 (#3500)
build(deps): bump actions/cache from 4.2.1 to 4.2.2 in the actions group (#3499)
Add created_at field to Reaction (#3501)
Add reason parameter to MergeGroupEvent (#3508)
fix(ci): ensure 'auto' toolchain applies to generate (#3436)
Bump dependency versions from dependabot warnings (#3512)
Bump go-jose to v4.0.5 (#3513)
build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 in /example (#3514)
docs: Update readme and examples for updated go-github-ratelimit and introduce go-github-pagination (#3504)
Add validity filter to secret scanning alert list options (#3516)
build(deps): bump github.com/alecthomas/kong from 1.8.1 to 1.9.0 in /tools (#3518)
build(deps): bump github.com/getkin/kin-openapi from 0.129.0 to 0.130.0 in /tools (#3517)
feat: Add automatic_copilot_code_review_enabled parameter to ruleset API (#3506)
Bump version of go-github to v70.0.0 (#3520)

github/codeql-action (github/codeql-action)

`v4.32.0`

`v4.31.11`

When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
Improved error handling throughout the CodeQL Action. #3415
Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

`v4.31.10`

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.10 - 12 Jan 2026

Update default CodeQL bundle version to 2.23.9. #3393

See the full CHANGELOG.md for more information.

step-security/harden-runner (step-security/harden-runner)

`v2.14.1`

What's Changed

In some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers.
Fixed npm audit vulnerabilities

Full Changelog: step-security/harden-runner@v2.14.0...v2.14.1

Configuration

📅 Schedule: Branch creation - "every 1 hours every weekday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


          Update all dependencies

0544b44

sbtaylor15 merged commit f31bbd4 into main

8 checks passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet