chore(deps): bump the github-actions group with 4 updates

[dependabot]

Bumps the github-actions group with 4 updates: actions/setup-go, vladopajic/go-test-coverage, dependabot/fetch-metadata and actions/dependency-review-action.

Updates actions/setup-go from 5.4.0 to 5.5.0

Release notes

Sourced from actions/setup-go's releases.

v5.5.0

What's Changed

Bug fixes:

• Update self-hosted environment validation by @​priyagupta108 in actions/setup-go#556
• Add manifest validation and improve error handling by @​priyagupta108 in actions/setup-go#586
• Update template link by @​jsoref in actions/setup-go#527

Dependency updates:

• Upgrade @​action/cache from 4.0.2 to 4.0.3 by @​aparnajyothi-y in actions/setup-go#574
• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in actions/setup-go#573
• Upgrade ts-jest from 29.1.2 to 29.3.2 by @​dependabot in actions/setup-go#582
• Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @​dependabot in actions/setup-go#537

New Contributors

• @​jsoref made their first contribution in actions/setup-go#527

Full Changelog: actions/setup-go@v5...v5.5.0

Commits

• d35c59a chore: update discussions url (#527)
• 29694d7 Add manifest validation and improve error handling (#586)
• 78535dd Bump eslint-plugin-jest from 27.9.0 to 28.11.0 (#537)
• bb65d88 Bump ts-jest from 29.1.2 to 29.3.2 (#582)
• 7f17e83 Bump @​actions/glob from 0.4.0 to 0.5.0 (#573)
• dca8468 Update self-hosted environment validation and bump undici version (#556)
• 691cc35 upgrade actions/cache to 4.0.3 (#574)
• See full diff in compare view

Updates vladopajic/go-test-coverage from 2.14.1 to 2.14.3

Release notes

Sourced from vladopajic/go-test-coverage's releases.

v2.14.3

What's Changed

• fix(coverage): improved go.mod file search by @​vladopajic in vladopajic/go-test-coverage#192

Full Changelog: vladopajic/go-test-coverage@v2.14.2...v2.14.3

v2.14.2

What's Changed

• chore(deps): bump golang from 1.24.2 to 1.24.3 by @​dependabot in vladopajic/go-test-coverage#189
• chore: add more logs by @​vladopajic in vladopajic/go-test-coverage#191

Full Changelog: vladopajic/go-test-coverage@v2...v2.14.2

Commits

• 7003e90 chore(version): bump to v2.14.3 (#193)
• e459ad4 fix(coverage): improved go.mod file search (#192)
• 2e10c49 Merge branch 'main' of github.com:vladopajic/go-test-coverage
• e155870 chore(version): bump to v2.14.2
• dd31f96 chore: add more logs (#191)
• 563705a chore(deps): bump golang from 1.24.2 to 1.24.3 (#189)
• dd70f04 chore: add error print
• See full diff in compare view

Updates dependabot/fetch-metadata from 2.3.0 to 2.4.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v2.4.0

What's Changed

• Bump actions/create-github-app-token from 1.11.0 to 1.11.3 by @​dependabot in dependabot/fetch-metadata#598
• Bump @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in dependabot/fetch-metadata#578
• Add missing @octokit/request-error to package.json by @​jeffwidman in dependabot/fetch-metadata#605
• Bump to ESLint 9 by @​jeffwidman in dependabot/fetch-metadata#606
• Stop using a node16 devcontainer image by @​jeffwidman in dependabot/fetch-metadata#608
• Make typescript compile to "es2022" by @​jeffwidman in dependabot/fetch-metadata#609
• Bump the dev-dependencies group across 1 directory with 8 updates by @​dependabot in dependabot/fetch-metadata#607
• Tidy up examples slightly by @​jeffwidman in dependabot/fetch-metadata#611
• Fixup some anchor tags that weren't deeplinking by @​jeffwidman in dependabot/fetch-metadata#614
• Remove unnecessary hardcoding of ref by @​jeffwidman in dependabot/fetch-metadata#617
• Bump actions/create-github-app-token from 1.11.3 to 2.0.2 by @​dependabot in dependabot/fetch-metadata#616
• Enable caching of npm install/npm ci for setup-node action by @​jeffwidman in dependabot/fetch-metadata#618
• Add workflow to publish new version of immutable action on every release by @​jeffwidman in dependabot/fetch-metadata#623
• Bump actions/create-github-app-token from 2.0.2 to 2.0.6 by @​dependabot in dependabot/fetch-metadata#621
• v2.4.0 by @​fetch-metadata-action-automation in dependabot/fetch-metadata#594

Full Changelog: dependabot/fetch-metadata@v2...v2.4.0

Commits

• 08eff52 v2.4.0 (#594)
• 821b654 Merge pull request #621 from dependabot/dependabot/github_actions/actions/cre...
• 2c22a37 Bump actions/create-github-app-token from 2.0.2 to 2.0.6
• 6ad01a0 Add workflow to publish new version of immutable action on every release (#623)
• 8ca800c Enable caching of npm install/npm ci for setup-node action (#618)
• 6787635 Merge pull request #616 from dependabot/dependabot/github_actions/actions/cre...
• a09d4af Bump actions/create-github-app-token from 1.11.3 to 2.0.2
• 3a5ce46 Remove unnecessary hardcoding of ref (#617)
• 798f45c Fixup some anchor tags that weren't deeplinking (#614)
• 6c031ac Tidy up examples slightly (#611)
• Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.6.0 to 4.7.1

Release notes

Sourced from actions/dependency-review-action's releases.

v4.7.1

• Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #889
• License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

v4.7.0

• Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #809 and probably others)
• Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

Commits

• da24556 Merge pull request #933 from actions/dangoor/471-release
• 9af0caf Bump version number for 4.7.1
• d8f2df2 Merge pull request #932 from actions/907-disallow-expression
• 6e9307a Discard allow list entries that are not SPDX IDs
• 8805179 Merge pull request #930 from actions/889-allow-no-license
• 014300b Update build
• 34486f3 Check namespaces when excluding license checks
• 9b155d6 Update build
• f199659 Allowing dependencies works with no licenses
• 38ecb5b Merge pull request #929 from actions/dangoor/4.7-release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[smlx]

@dependabot rebase