chore(deps): bump the actions-deps group across 1 directory with 9 updates

[dependabot]

Bumps the actions-deps group with 9 updates in the / directory:

Package	From	To
step-security/harden-runner	2.13.2	2.14.1
docker/metadata-action	5.9.0	5.10.0
docker/login-action	3.6.0	3.7.0
docker/setup-buildx-action	3.11.1	3.12.0
actions/create-github-app-token	2.1.4	2.2.1
actions/stale	10.1.0	10.1.1
actions/setup-go	6.0.0	6.2.0
codecov/codecov-action	5.5.1	5.5.2
golangci/golangci-lint-action	9.0.0	9.2.0

Updates step-security/harden-runner from 2.13.2 to 2.14.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.14.1

What's Changed

1. In some self-hosted environments, the agent could briefly fall back to public DNS resolvers during startup if the system DNS was not yet available. This behavior was unintended for GitHub-hosted runners and has now been fixed to prevent any use of public DNS resolvers.

2. Fixed npm audit vulnerabilities

Full Changelog: step-security/harden-runner@v2.14.0...v2.14.1

v2.14.0

What's Changed

• Selective installation: Harden-Runner now skips installation on GitHub-hosted runners when the repository has a custom property skip_harden_runner, allowing organizations to opt out specific repos.
• Avoid double install: The action no longer installs Harden-Runner if it’s already present on a GitHub-hosted runner, which could happen when a composite action also installs it.

Full Changelog: step-security/harden-runner@v2.13.3...v2.14.0

v2.13.3

What's Changed

• Fixed an issue where process events were not uploaded in certain edge cases.

Full Changelog: step-security/harden-runner@v2.13.2...v2.13.3

Commits

• e3f713f Merge pull request #631 from step-security/rc-31
• 423acdd chore: fix npm audit vulnerabilities
• 0ddb86c update agent
• 20cf305 Merge pull request #622 from step-security/feature/custom-property-skip
• c51e8ee feat: skip agent install and post step on subsequent runs for GitHub-hosted r...
• e152b90 feat: skip harden-runner based on repository custom property
• ee1faec feat: replace skip-harden-runner with skip-on-custom-property input
• 1dc7c17 feat: add skip-harden-runner input to conditionally skip execution
• df199fb Merge pull request #620 from step-security/rc-29
• 03d096a update agent
• Additional commits viewable in compare view

Updates docker/metadata-action from 5.9.0 to 5.10.0

Release notes

Sourced from docker/metadata-action's releases.

v5.10.0

• Bump @​docker/actions-toolkit from 0.66.0 to 0.68.0 in docker/metadata-action#559 docker/metadata-action#569
• Bump js-yaml from 3.14.1 to 3.14.2 in docker/metadata-action#564

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

Commits

• c299e40 Merge pull request #569 from docker/dependabot/npm_and_yarn/docker/actions-to...
• f015d79 chore: update generated content
• 121bcc2 chore(deps): Bump @​docker/actions-toolkit from 0.67.0 to 0.68.0
• f7b6bf4 Merge pull request #564 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
• 0b95c6b Merge pull request #565 from docker/dependabot/github_actions/actions/checkout-6
• 17f70d7 Merge pull request #568 from motoki317/docs/fix-to-24h-schedule-pattern
• afd7e6d docs(README): Fix date format from 12h to 24h in schedule pattern
• 602aff8 chore(deps): Bump actions/checkout from 5 to 6
• aecb1a4 chore(deps): Bump js-yaml from 3.14.1 to 3.14.2
• 8d8c7c1 Merge pull request #559 from docker/dependabot/npm_and_yarn/docker/actions-to...
• Additional commits viewable in compare view

Updates docker/login-action from 3.6.0 to 3.7.0

Release notes

Sourced from docker/login-action's releases.

v3.7.0

• Add scope input to set scopes for the authentication token by @​crazy-max in docker/login-action#912
• Add support for AWS European Sovereign Cloud ECR by @​dphi in docker/login-action#914
• Ensure passwords are redacted with registry-auth input by @​crazy-max in docker/login-action#911
• build(deps): bump lodash from 4.17.21 to 4.17.23 in docker/login-action#915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

Commits

• c94ce9f Merge pull request #915 from docker/dependabot/npm_and_yarn/lodash-4.17.23
• 8339c95 Merge pull request #912 from docker/scope
• c83e932 build(deps): bump lodash from 4.17.21 to 4.17.23
• b268aa5 chore: update generated content
• a603229 documentation for scope input
• 7567f92 Add scope input to set scopes for the authentication token
• 0567fa5 Merge pull request #914 from dphi/add-support-for-amazonaws.eu
• f6ef577 feat: add support for AWS European Sovereign Cloud ECR registries
• 916386b Merge pull request #911 from crazy-max/ensure-redact
• 5b3f94a chore: update generated content
• Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.11.1 to 3.12.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.12.0

• Deprecate install input by @​crazy-max in docker/setup-buildx-action#455
• Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/setup-buildx-action#434
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-buildx-action#436
• Bump form-data from 2.5.1 to 2.5.5 in docker/setup-buildx-action#432
• Bump undici from 5.28.4 to 5.29.0 in docker/setup-buildx-action#435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

Commits

• 8d2750c Merge pull request #455 from crazy-max/install-deprecated
• e81846b deprecate install input
• 65d18f8 Merge pull request #454 from docker/dependabot/github_actions/actions/checkout-6
• 000d75d build(deps): bump actions/checkout from 5 to 6
• 1583c0f Merge pull request #443 from nicolasleger/patch-1
• ed158e7 doc: bump actions/checkout from 4 to 5
• 4cc794f Merge pull request #441 from docker/dependabot/github_actions/actions/checkout-5
• 4dfc3d6 build(deps): bump actions/checkout from 4 to 5
• af1b253 Merge pull request #440 from crazy-max/k3s-build
• 3c6ab92 ci: k3s test with latest buildx
• Additional commits viewable in compare view

Updates actions/create-github-app-token from 2.1.4 to 2.2.1

Release notes

Sourced from actions/create-github-app-token's releases.

v2.2.1

2.2.1 (2025-12-05)

Bug Fixes

• deps: bump the production-dependencies group with 2 updates (#311) (b212e6a)

v2.2.0

2.2.0 (2025-11-21)

Bug Fixes

• deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)
• deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)
• deps: bump the production-dependencies group with 2 updates (#292) (55e2a4b)

Features

• update permission inputs (#296) (d90aa53)

Commits

• 29824e6 build(release): 2.2.1 [skip ci]
• b212e6a fix(deps): bump the production-dependencies group with 2 updates (#311)
• 8efbf9b ci: create stale workflow (#309)
• 7e473ef build(release): 2.2.0 [skip ci]
• dce3be8 fix(deps): bump p-retry from 6.2.1 to 7.1.0 (#294)
• 5480f43 fix(deps): bump glob from 10.4.5 to 10.5.0 (#305)
• d90aa53 feat: update permission inputs (#296)
• 55e2a4b fix(deps): bump the production-dependencies group with 2 updates (#292)
• cc6f999 ci(test): trigger on merge_group (#308)
• 40fa6b5 build(deps-dev): bump @​sinonjs/fake-timers from 14.0.0 to 15.0.0 (#295)
• Additional commits viewable in compare view

Updates actions/stale from 10.1.0 to 10.1.1

Release notes

Sourced from actions/stale's releases.

v10.1.1

What's Changed

Bug Fix

• Add Missing Input Reading for only-issue-types by @​Bibo-Joshi in actions/stale#1298

Improvement

• Improves error handling when rate limiting is disabled on GHES. by @​chiranjib-swain in actions/stale#1300

Dependency Upgrades

• Upgrade eslint-config-prettier from 8.10.0 to 10.1.8 by @​dependabot in actions/stale#1276
• Upgrade @​types/node from 20.10.3 to 24.2.0 and document breaking changes in v10 by @​dependabot in actions/stale#1280
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot in actions/stale#1291
• Upgrade actions/checkout from 4 to 6 by @​dependabot in actions/stale#1306

New Contributors

• @​chiranjib-swain made their first contribution in actions/stale#1300

Full Changelog: actions/stale@v10...v10.1.1

Commits

• 9971854 build(deps): bump actions/checkout from 4 to 6 (#1306)
• 5611b9d build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (#1291)
• fad0de8 Improves error handling when rate limiting is disabled on GHES. (#1300)
• 39bea7d Add Missing Input Reading for only-issue-types (#1298)
• e46bbab build(deps-dev): bump @​types/node from 20.10.3 to 24.2.0 and document breakin...
• 65d1d48 build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (#1276)
• See full diff in compare view

Updates actions/setup-go from 6.0.0 to 6.2.0

Release notes

Sourced from actions/setup-go's releases.

v6.2.0

What's Changed

Enhancements

• Example for restore-only cache in documentation by @​aparnajyothi-y in actions/setup-go#696
• Update Node.js version in action.yml by @​ccoVeille in actions/setup-go#691
• Documentation update of actions/checkout by @​deining in actions/setup-go#683

Dependency updates

• Upgrade js-yaml from 3.14.1 to 3.14.2 by @​dependabot in actions/setup-go#682
• Upgrade @​actions/cache to v5 by @​salmanmkc in actions/setup-go#695
• Upgrade actions/checkout from 5 to 6 by @​dependabot in actions/setup-go#686
• Upgrade qs from 6.14.0 to 6.14.1 by @​dependabot in actions/setup-go#703

New Contributors

• @​ccoVeille made their first contribution in actions/setup-go#691
• @​deining made their first contribution in actions/setup-go#683

Full Changelog: actions/setup-go@v6...v6.2.0

v6.1.0

What's Changed

Enhancements

• Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @​nicholasngai in actions/setup-go#665
• Add support for .tool-versions file and update workflow by @​priya-kinthali in actions/setup-go#673
• Add comprehensive breaking changes documentation for v6 by @​mahabaleshwars in actions/setup-go#674

Dependency updates

• Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by @​dependabot in actions/setup-go#617
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot in actions/setup-go#641
• Upgrade semver and @​types/semver by @​dependabot in actions/setup-go#652

New Contributors

• @​nicholasngai made their first contribution in actions/setup-go#665
• @​priya-kinthali made their first contribution in actions/setup-go#673
• @​mahabaleshwars made their first contribution in actions/setup-go#674

Full Changelog: actions/setup-go@v6...v6.1.0

Commits

• 7a3fe6c Bump qs from 6.14.0 to 6.14.1 (#703)
• b9adafd Bump actions/checkout from 5 to 6 (#686)
• d73f6bc README.md: correct to actions/checkout@v6 (#683)
• ae252ee Bump @​actions/cache to v5 (#695)
• bf7446a Bump js-yaml from 3.14.1 to 3.14.2 (#682)
• 02aadfe Fix Node.js version in action.yml (#691)
• 4aaadf4 Example for restore-only cache in documentation (#696)
• 4dc6199 Bump semver and @​types/semver (#652)
• f3787be Add comprehensive breaking changes documentation for v6 (#674)
• 3a0c2c8 Bump actions/publish-action from 0.3.0 to 0.4.0 (#641)
• Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.1 to 5.5.2

Release notes

Sourced from codecov/codecov-action's releases.

v5.5.2

What's Changed

• check gpg only when skip-validation = false by @​maxweng-sentry in codecov/codecov-action#1894
• chore: disable_search alignment by @​freemanzMrojo in codecov/codecov-action#1881
• chore(release): 5.5.2 by @​thomasrockhu-codecov in codecov/codecov-action#1902

New Contributors

• @​maxweng-sentry made their first contribution in codecov/codecov-action#1894
• @​freemanzMrojo made their first contribution in codecov/codecov-action#1881

Full Changelog: codecov/codecov-action@v5.5.1...v5.5.2

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in codecov/codecov-action#1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in codecov/codecov-action#1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in codecov/codecov-action#1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in codecov/codecov-action#1872
• docs: fix typo in README by @​datalater in codecov/codecov-action#1866
• Document a codecov-cli version reference example by @​webknjaz in codecov/codecov-action#1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in codecov/codecov-action#1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in codecov/codecov-action#1864
• Pin actions/github-script by Git SHA by @​martincostello in codecov/codecov-action#1859
• fix: check reqs exist by @​joseph-sentry in codecov/codecov-action#1835
• fix: Typo in README by @​spalmurray in codecov/codecov-action#1838
• docs: Refine OIDC docs by @​spalmurray in codecov/codecov-action#1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in codecov/codecov-action#1822
• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

• 671740a chore(release): 5.5.2 (#1902)
• 96b38e9 chore: disable_search alignment (#1881)
• 9b6d1f8 check gpg only when skip-validation = false (#1894)
• See full diff in compare view

Updates golangci/golangci-lint-action from 9.0.0 to 9.2.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v9.2.0

What's Changed

Changes

• feat: add version-file option by @​ldez in golangci/golangci-lint-action#1320
• chore: move samples into fixtures by @​ldez in golangci/golangci-lint-action#1321

Dependencies

• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot[bot] in golangci/golangci-lint-action#1317
• build(deps): bump actions/checkout from 5 to 6 by @​dependabot[bot] in golangci/golangci-lint-action#1318
• build(deps-dev): bump the dev-dependencies group with 3 updates by @​dependabot[bot] in golangci/golangci-lint-action#1323
• build(deps): bump yaml from 2.8.1 to 2.8.2 in the dependencies group by @​dependabot[bot] in golangci/golangci-lint-action#1324

Full Changelog: golangci/golangci-lint-action@v9.1.0...v9.2.0

v9.1.0

What's Changed

Changes

• feat: automatic module directories by @​ldez in golangci/golangci-lint-action#1315

Documentation

• docs: organize options by @​ldez in golangci/golangci-lint-action#1314

Dependencies

• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot[bot] in golangci/golangci-lint-action#1307
• build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @​dependabot[bot] in golangci/golangci-lint-action#1309
• build(deps-dev): bump the dev-dependencies group with 2 updates by @​dependabot[bot] in golangci/golangci-lint-action#1310
• build(deps): bump the dependencies group with 2 updates by @​dependabot[bot] in golangci/golangci-lint-action#1311

Full Changelog: golangci/golangci-lint-action@v9.0.0...v9.1.0

Commits

• 1e7e51e build(deps): bump yaml from 2.8.1 to 2.8.2 in the dependencies group (#1324)
• 5256ff0 build(deps-dev): bump the dev-dependencies group with 3 updates (#1323)
• 13fed6f chore: update workflows
• 7afe8ff chore: update workflows
• 5a92899 chore: move samples into fixtures (#1321)
• aa6fad0 feat: add version-file option (#1320)
• a6071aa build(deps): bump actions/checkout from 5 to 6 (#1318)
• 6e36c84 build(deps-dev): bump the dev-dependencies group with 2 updates (#1317)
• e7fa5ac feat: automatic module directories (#1315)
• f3ae99f docs: organize options (#1314)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions